|
307441
|
6.8 |
MEDIUM
Network
|
cisco
|
rv042_firmware
rv042g_firmware
rv320_firmware
rv325_firmware
|
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an un…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-20517
|
2024-10-8 22:47 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307442
|
6.5 |
MEDIUM
Network
|
cisco
|
nexus_dashboard
nexus_dashboard_fabric_controller
|
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device.
This vulnerability…
|
NVD-CWE-noinfo
|
CVE-2024-20441
|
2024-10-8 22:45 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307443
|
6.8 |
MEDIUM
Network
|
cisco
|
rv042_firmware
rv042g_firmware
rv320_firmware
rv325_firmware
|
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an un…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-20516
|
2024-10-8 22:44 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307444
|
8.8 |
HIGH
Network
|
mi
|
ax9000_firmware
|
The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This vulnerability is caused by the lack of input filtering, allowing an attacker to exploit it to obtain root acce…
|
CWE-77
Command Injection
|
CVE-2023-26315
|
2024-10-8 19:15 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307445
|
4.8 |
MEDIUM
Network
|
expresstech
|
quiz_and_survey_master
|
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Sc…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8758
|
2024-10-8 06:35 |
2024-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307446
|
6.1 |
MEDIUM
Network
|
seopress
|
seopress
|
The SEOPress – On-site SEO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9225
|
2024-10-8 05:24 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307447
|
9.8 |
CRITICAL
Network
|
code-projects
|
restaurant_reservation_system
|
A vulnerability has been found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter2.php. The …
|
CWE-89
SQL Injection
|
CVE-2024-9429
|
2024-10-8 05:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307448
|
6.1 |
MEDIUM
Network
|
icopydoc
|
yml_for_yandex_market
|
The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.7.2 due to insufficient input sanitizat…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9378
|
2024-10-8 05:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307449
|
4.8 |
MEDIUM
Network
|
redhat
|
build_of_keycloak
|
A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 3…
|
CWE-324
Use of a Key Past its Expiration Date
|
CVE-2024-7318
|
2024-10-8 05:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307450
|
5.4 |
MEDIUM
Network
|
cisco
|
nexus_dashboard_fabric_controller
nexus_dashboard
|
A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device.
Thi…
|
CWE-862
Missing Authorization
|
CVE-2024-20442
|
2024-10-8 05:11 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
