|
317181
|
9.8 |
CRITICAL
Network
|
enphase
|
iq_gateway_firmware
|
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is pr…
|
CWE-78
OS Command
|
CVE-2024-21878
|
2024-08-24 02:52 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317182
|
8.8 |
HIGH
Network
|
enphase
|
iq_gateway_firmware
|
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Envoy) …
|
CWE-78
OS Command
|
CVE-2024-21879
|
2024-08-24 02:49 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317183
|
7.2 |
HIGH
Network
|
enphase
|
iq_gateway_firmware
|
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Enphase) a…
|
CWE-78
OS Command
|
CVE-2024-21880
|
2024-08-24 02:38 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317184
|
- |
|
-
|
-
|
A Reflected Cross Site Scripting (XSS) vulnerability was found in the "/schedule.php" page of the Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code…
|
-
|
CVE-2024-42763
|
2024-08-24 02:35 |
2024-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317185
|
9.8 |
CRITICAL
Network
|
squirrelly
|
squirrelly
|
squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName.
|
CWE-94
Code Injection
|
CVE-2024-40453
|
2024-08-24 02:35 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317186
|
6.1 |
MEDIUM
Network
|
okfn
|
ckan
|
CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential…
|
CWE-79
Cross-site Scripting
|
CVE-2024-41675
|
2024-08-24 02:07 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317187
|
5.3 |
MEDIUM
Network
|
okfn
|
ckan
|
CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) …
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-41674
|
2024-08-24 02:06 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317188
|
7.8 |
HIGH
Local
|
microfocus
|
netiq_privileged_access_manager
|
SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.
|
CWE-78
OS Command
|
CVE-2020-11847
|
2024-08-24 02:04 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317189
|
7.5 |
HIGH
Network
|
microfocus
|
netiq_privileged_access_manager
|
A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resource…
|
NVD-CWE-noinfo
|
CVE-2020-11846
|
2024-08-24 02:03 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317190
|
6.1 |
MEDIUM
Network
|
microfocus
|
netiq_self_service_password_reset
|
Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6
|
CWE-79
Cross-site Scripting
|
CVE-2020-11850
|
2024-08-24 02:02 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
