|
314761
|
9.8 |
CRITICAL
Network
|
wavelog
|
wavelog
|
Wavelog 1.8.5 allows Oqrs_model.php get_worked_modes station_id SQL injectioin.
|
CWE-89
SQL Injection
|
CVE-2024-48257
|
2024-10-16 23:24 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314762
|
8.8 |
HIGH
Network
|
dlink
|
dir-619l_firmware
|
A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. Affected is the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument …
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-9784
|
2024-10-16 23:12 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314763
|
8.1 |
HIGH
Network
|
shilpisoft
|
client_dashboard
|
This vulnerability exists in Shilpi Client Dashboard due to implementation of inadequate authentication mechanism in the login module wherein access to any users account is granted with just their co…
|
NVD-CWE-Other
|
CVE-2024-47652
|
2024-10-16 23:12 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314764
|
5.7 |
MEDIUM
Network
|
enalean
|
tuleap
|
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2024-46988
|
2024-10-16 23:07 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314765
|
5.4 |
MEDIUM
Network
|
ultimatemember
|
ultimate_member
|
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's '…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8519
|
2024-10-16 23:06 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314766
|
4.8 |
MEDIUM
Network
|
enalean
|
tuleap
|
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15…
|
CWE-79
Cross-site Scripting
|
CVE-2024-46980
|
2024-10-16 23:05 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314767
|
7.5 |
HIGH
Network
|
acronis
|
cyber_protect
|
Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2024-49387
|
2024-10-16 22:58 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314768
|
9.1 |
CRITICAL
Network
|
acronis
|
cyber_protect
|
Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-49388
|
2024-10-16 22:57 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314769
|
4.3 |
MEDIUM
Adjacent
|
acronis
|
cyber_protect
|
Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
|
NVD-CWE-Other
|
CVE-2024-49383
|
2024-10-16 22:53 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314770
|
4.3 |
MEDIUM
Adjacent
|
acronis
|
cyber_protect
|
Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
|
NVD-CWE-Other
|
CVE-2024-49382
|
2024-10-16 22:53 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
