|
313471
|
6.5 |
MEDIUM
Local
|
theforeman
|
foreman
|
A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the ne…
|
CWE-77
Command Injection
|
CVE-2024-7700
|
2024-09-16 23:20 |
2024-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313472
|
4.3 |
MEDIUM
Network
|
sap
|
oil_\%\/_gas
|
Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow…
|
CWE-862
Missing Authorization
|
CVE-2024-44112
|
2024-09-16 23:19 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313473
|
2.7 |
LOW
Network
|
sap
|
netweaver_application_server_abap
|
Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impa…
|
CWE-862
Missing Authorization
|
CVE-2024-41728
|
2024-09-16 23:14 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313474
|
2.7 |
LOW
Network
|
sap
|
netweaver_application_server_abap
|
SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiali…
|
CWE-863
Incorrect Authorization
|
CVE-2024-44114
|
2024-09-16 23:09 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313475
|
5.4 |
MEDIUM
Network
|
jayesh
|
online_exam_system
|
A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "em…
|
CWE-79
Cross-site Scripting
|
CVE-2024-40478
|
2024-09-16 22:46 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313476
|
8.8 |
HIGH
Network
|
elastic
|
kibana
|
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Secu…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-37288
|
2024-09-16 22:29 |
2024-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313477
|
6.1 |
MEDIUM
Network
|
uniong
|
webitr
|
WebITR from Uniong has an Open Redirect vulnerability, which allows unauthorized remote attackers to exploit this vulnerability to forge URLs. Users, believing they are accessing a trusted domain, ca…
|
CWE-601
Open Redirect
|
CVE-2024-8586
|
2024-09-16 22:28 |
2024-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313478
|
4.3 |
MEDIUM
Network
|
istyle
|
\@cosme
|
Improper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions prior 5.69.0 and "@cosme" App for iOS versions prior to 6.74.0 allows an attacker to lead a user to …
|
NVD-CWE-noinfo
|
CVE-2024-45203
|
2024-09-16 22:27 |
2024-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313479
|
9.8 |
CRITICAL
Network
|
project_team
|
tmall_demo
|
A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argu…
|
CWE-89
SQL Injection
|
CVE-2024-8568
|
2024-09-16 22:22 |
2024-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313480
|
4.8 |
MEDIUM
Network
|
anujk305
|
bus_pass_management_system
|
phpgurukul Bus Pass Management System 1.0 is vulnerable to Cross-site scripting (XSS) in /admin/pass-bwdates-reports-details.php via fromdate and todate parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2024-44798
|
2024-09-16 22:19 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
