|
256121
|
9.1 |
CRITICAL
Network
|
enphase
|
iq_gateway_firmware
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unautheticated attacker to a…
|
CWE-22
Path Traversal
|
CVE-2024-21876
|
2024-08-24 03:05 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256122
|
9.8 |
CRITICAL
Network
|
enphase
|
iq_gateway_firmware
|
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is pr…
|
CWE-78
OS Command
|
CVE-2024-21878
|
2024-08-24 02:52 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256123
|
8.8 |
HIGH
Network
|
enphase
|
iq_gateway_firmware
|
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Envoy) …
|
CWE-78
OS Command
|
CVE-2024-21879
|
2024-08-24 02:49 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256124
|
7.2 |
HIGH
Network
|
enphase
|
iq_gateway_firmware
|
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Enphase) a…
|
CWE-78
OS Command
|
CVE-2024-21880
|
2024-08-24 02:38 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256125
|
- |
|
-
|
-
|
A Reflected Cross Site Scripting (XSS) vulnerability was found in the "/schedule.php" page of the Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code…
|
-
|
CVE-2024-42763
|
2024-08-24 02:35 |
2024-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256126
|
9.8 |
CRITICAL
Network
|
squirrelly
|
squirrelly
|
squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName.
|
CWE-94
Code Injection
|
CVE-2024-40453
|
2024-08-24 02:35 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256127
|
6.1 |
MEDIUM
Network
|
okfn
|
ckan
|
CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential…
|
CWE-79
Cross-site Scripting
|
CVE-2024-41675
|
2024-08-24 02:07 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256128
|
5.3 |
MEDIUM
Network
|
okfn
|
ckan
|
CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) …
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-41674
|
2024-08-24 02:06 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256129
|
7.8 |
HIGH
Local
|
microfocus
|
netiq_privileged_access_manager
|
SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.
|
CWE-78
OS Command
|
CVE-2020-11847
|
2024-08-24 02:04 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256130
|
7.5 |
HIGH
Network
|
microfocus
|
netiq_privileged_access_manager
|
A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resource…
|
NVD-CWE-noinfo
|
CVE-2020-11846
|
2024-08-24 02:03 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
