|
314051
|
9.1 |
CRITICAL
Network
|
siemens
|
sinec_ins
|
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could al…
|
CWE-78
OS Command
|
CVE-2024-46890
|
2024-11-14 08:12 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314052
|
5.3 |
MEDIUM
Network
|
siemens
|
sinec_ins
|
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could a…
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2024-46889
|
2024-11-14 08:11 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314053
|
9.9 |
CRITICAL
Network
|
siemens
|
sinec_ins
|
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. Thi…
|
CWE-22
Path Traversal
|
CVE-2024-46888
|
2024-11-14 08:11 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314054
|
10.0 |
CRITICAL
Network
|
siemens
|
telecontrol_server_basic
|
A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-44102
|
2024-11-14 08:05 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314055
|
8.8 |
HIGH
Network
|
tenda
|
ac10_firmware
|
A vulnerability classified as critical was found in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function FUN_0044db3c of the file /goform/fast_setting_wifi_set. The manipulation of …
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2024-11061
|
2024-11-14 08:04 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314056
|
7.2 |
HIGH
Network
|
surajkumarvishwakarma
|
real_estate_management_system
|
A vulnerability was found in CodeAstro Real Estate Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /aboutedit.php of the component A…
|
CWE-89
CWE-74
SQL Injection
Injection
|
CVE-2024-11058
|
2024-11-14 08:03 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314057
|
9.8 |
CRITICAL
Network
|
ruijie
|
rg-nbs2009g-p_firmware
|
Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check state component.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-24117
|
2024-11-14 07:56 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314058
|
8.8 |
HIGH
Network
|
ultrapress
|
empowerment
|
The Empowerment theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.2 via deserialization of untrusted input. This makes it possible for authenticated …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-7433
|
2024-11-14 07:04 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314059
|
8.8 |
HIGH
Network
|
ultrapress
|
unseen_blog
|
The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. This makes it possible for authenticated …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-7432
|
2024-11-14 07:03 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314060
|
3.7 |
LOW
Network
|
netadmin
|
netadmin_iam
|
A vulnerability was found in Netadmin Software NetAdmin IAM up to 3.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /controller/api/Answer/ReturnUser…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2024-9513
|
2024-11-14 06:57 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
