|
316741
|
4.8 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in Board instances. A rogue administrator could inject malicious code. The Concrete CMS security team gave this vu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7512
|
2024-08-31 03:19 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316742
|
4.8 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
Concrete CMS versions 9.0.0 to 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer when user input is stored and later embedded into responses. A rogue administrator could inject mal…
|
CWE-79
Cross-site Scripting
|
CVE-2024-4350
|
2024-08-31 03:18 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316743
|
5.4 |
MEDIUM
Network
|
zohocorp
|
manageengine_servicedesk_plus_msp
manageengine_servicedesk_plus
manageengine_supportcenter_plus
|
Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.…
|
CWE-79
Cross-site Scripting
|
CVE-2024-38869
|
2024-08-31 03:15 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316744
|
9.8 |
CRITICAL
Network
|
pimax
|
play
pitool
|
Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker.
|
NVD-CWE-Other
|
CVE-2024-41889
|
2024-08-31 02:53 |
2024-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316745
|
8.0 |
HIGH
Adjacent
|
zexelon
|
zwx-2000csw2-hn_firmware
|
Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the con…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-41720
|
2024-08-31 02:49 |
2024-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316746
|
8.8 |
HIGH
Adjacent
|
zexelon
|
zwx-2000csw2-hn_firmware
|
ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the devic…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-39838
|
2024-08-31 02:49 |
2024-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316747
|
9.1 |
CRITICAL
Network
|
hamastar
|
meetinghub_paperless_meetings
|
A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2024-6118
|
2024-08-31 02:44 |
2024-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316748
|
8.8 |
HIGH
Network
|
hamastar
|
meetinghub_paperless_meetings
|
A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary sy…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-6117
|
2024-08-31 02:41 |
2024-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316749
|
5.3 |
MEDIUM
Network
|
in2code
|
powermail
|
An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An un…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-45232
|
2024-08-31 01:34 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316750
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
CWE-843
Type Confusion
|
CVE-2024-8194
|
2024-08-31 01:34 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
