|
252361
|
4.9 |
MEDIUM
Network
|
usualtool
|
usualtoolcms
|
A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the a…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-9917
|
2024-10-19 09:49 |
2024-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252362
|
7.2 |
HIGH
Network
|
usualtool
|
usualtoolcms
|
A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the a…
|
CWE-89
SQL Injection
|
CVE-2024-9918
|
2024-10-19 09:47 |
2024-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252363
|
7.5 |
HIGH
Network
|
dueclic
|
wp_2fa_with_telegram
|
The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, whi…
|
CWE-565
Reliance on Cookies without Validation and Integrity Checking
|
CVE-2024-9820
|
2024-10-19 09:44 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252364
|
8.8 |
HIGH
Network
|
newtype
|
webeip
|
WebEIP v3.0 from
NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. The affe…
|
CWE-89
SQL Injection
|
CVE-2024-9968
|
2024-10-19 09:42 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252365
|
7.2 |
HIGH
Network
|
fortinet
|
fortianalyzer
fortianalyzer_cloud
|
A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests.
|
NVD-CWE-noinfo
|
CVE-2024-45330
|
2024-10-19 09:41 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252366
|
7.2 |
HIGH
Network
|
hashicorp
|
vault
|
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edi…
|
NVD-CWE-Other
|
CVE-2024-9180
|
2024-10-19 05:15 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252367
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-9884. Reason: This candidate is a reservation duplicate of CVE-2024-9884. Notes: All CVE users should reference CV…
|
-
|
CVE-2024-10115
|
2024-10-19 04:15 |
2024-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252368
|
7.5 |
HIGH
Network
|
oracle
|
weblogic_server
|
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerab…
|
NVD-CWE-noinfo
|
CVE-2024-21274
|
2024-10-19 04:05 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252369
|
7.5 |
HIGH
Network
|
oracle
|
weblogic_server
|
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerabili…
|
NVD-CWE-noinfo
|
CVE-2024-21260
|
2024-10-19 04:05 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252370
|
7.5 |
HIGH
Network
|
oracle
|
weblogic_server
|
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerabili…
|
NVD-CWE-noinfo
|
CVE-2024-21234
|
2024-10-19 04:05 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
