|
310611
|
5.4 |
MEDIUM
Adjacent
|
gotenna
|
gotenna_pro
|
The goTenna Pro App does not authenticate public keys which allows an
unauthenticated attacker to manipulate messages. It is advised to update
your app to the current release for enhanced encryptio…
|
CWE-287
Improper Authentication
|
CVE-2024-47125
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310612
|
6.5 |
MEDIUM
Adjacent
|
gotenna
|
gotenna_pro
|
The goTenna Pro App does not encrypt callsigns in messages. It is
recommended to not use sensitive information in callsigns when using
this and previous versions of the app and update your app to t…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2024-47124
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310613
|
6.5 |
MEDIUM
Adjacent
|
gotenna
|
gotenna_pro
|
In the goTenna Pro App, the encryption keys are stored along with a
static IV on the End User Device (EUD). This allows for complete
decryption of keys stored on the EUD if physically compromised. …
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2024-47122
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310614
|
4.3 |
MEDIUM
Adjacent
|
gotenna
|
gotenna
|
The goTenna Pro ATAK Plugin's default settings are to share Automatic
Position, Location, and Information (PLI) updates every 60 seconds once
the plugin is active and goTenna is connected. Users th…
|
NVD-CWE-Other
|
CVE-2024-43814
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310615
|
5.4 |
MEDIUM
Network
|
cacti
|
cacti
|
Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43362
|
2024-10-18 03:14 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310616
|
9.8 |
CRITICAL
Network
|
oretnom23
|
online_veterinary_appointment_system
|
A vulnerability classified as critical has been found in SourceCodester Online Veterinary Appointment System 1.0. Affected is an unknown function of the file /admin/categories/manage_category.php. Th…
|
CWE-89
SQL Injection
|
CVE-2024-9818
|
2024-10-18 03:13 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310617
|
8.8 |
HIGH
Network
|
blood_bank_system_project
|
blood_bank_system
|
A vulnerability was found in code-projects Blood Bank System 1.0. It has been classified as critical. This affects an unknown part of the file /update.php. The manipulation of the argument name leads…
|
CWE-89
SQL Injection
|
CVE-2024-9817
|
2024-10-18 03:12 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310618
|
9.8 |
CRITICAL
Network
|
taismartfactory
|
qplant_sf
|
SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. Exploitation of this vulnerability could allow a remote attacker to retrieve all database information by sending a specially …
|
CWE-89
SQL Injection
|
CVE-2024-9925
|
2024-10-18 03:09 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310619
|
8.2 |
HIGH
Network
|
cacti
|
cacti
|
Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stor…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43364
|
2024-10-18 03:09 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310620
|
8.8 |
HIGH
Network
|
formosasoft
|
ee-class
|
The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulner…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-9981
|
2024-10-18 03:05 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
