|
255961
|
7.1 |
HIGH
Network
|
dylanjkotze
|
zephyr_project_manager
|
Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.102.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-43916
|
2024-09-13 01:21 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255962
|
5.4 |
MEDIUM
Network
|
xjd2020
|
fastcms
|
A vulnerability, which was classified as problematic, was found in FastCMS up to 0.1.5. Affected is an unknown function of the component New Article Category Page. The manipulation leads to cross sit…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7733
|
2024-09-13 01:20 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255963
|
5.4 |
MEDIUM
Network
|
deathbreak
|
drug
|
A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user para…
|
CWE-79
Cross-site Scripting
|
CVE-2024-44837
|
2024-09-13 01:17 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255964
|
7.5 |
HIGH
Network
|
dataflowx
|
datadiodex
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal.This issue affects DataDiodeX: from v3.0.0 before…
|
CWE-22
Path Traversal
|
CVE-2024-6445
|
2024-09-13 01:14 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255965
|
9.8 |
CRITICAL
Network
|
dlink
|
di-8100g_firmware
|
D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file
|
CWE-77
Command Injection
|
CVE-2024-44401
|
2024-09-13 01:09 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255966
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
Fix a use-after-free that occurs in hcd when in_urb sent from…
|
CWE-416
Use After Free
|
CVE-2023-52907
|
2024-09-13 01:06 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255967
|
9.1 |
CRITICAL
Network
|
openhab
|
openhab
|
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB …
|
CWE-862
Missing Authorization
|
CVE-2024-42470
|
2024-09-13 01:04 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255968
|
9.8 |
CRITICAL
Network
|
openhab
|
openhab
|
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require authenti…
|
CWE-22
Path Traversal
|
CVE-2024-42469
|
2024-09-13 01:02 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255969
|
7.5 |
HIGH
Network
|
openhab
|
openhab
|
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. CometVisuServlet in versions prior to 4.2.1 is susceptible to an unauthenticated…
|
CWE-22
Path Traversal
|
CVE-2024-42468
|
2024-09-13 01:01 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255970
|
6.1 |
MEDIUM
Network
|
hyperview
|
geoportal_toolkit
|
HyperView Geoportal Toolkit in versions lower than 8.5.0 is vulnerable to Reflected Cross-Site Scripting (XSS). An unauthenticated attacker might trick somebody into using a crafted URL, which will c…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6450
|
2024-09-13 00:42 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
