|
309011
|
8.8 |
HIGH
Adjacent
|
dlink
|
covr-x1870_firmware
dir-x4860_firmware
|
Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded…
|
CWE-912
Hidden Functionality
|
CVE-2024-45696
|
2024-09-20 06:42 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309012
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-x4860_firmware
|
Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS comm…
|
CWE-912
Hidden Functionality
|
CVE-2024-45697
|
2024-09-20 06:40 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309013
|
9.8 |
CRITICAL
Network
|
pluck-cms
|
pluck
|
Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2024-43042
|
2024-09-20 06:01 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309014
|
8.8 |
HIGH
Network
|
nuxt
|
nuxt
|
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the `path` parameter in the NuxtTestComponentWrapper, an…
|
CWE-94
Code Injection
|
CVE-2024-34344
|
2024-09-20 05:58 |
2024-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309015
|
7.5 |
HIGH
Network
|
nuxt
|
nuxt
|
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. `nuxt/icon` provides an API to allow client side icon lookup. This endpoint is at `/api/_nuxt_…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-42352
|
2024-09-20 05:55 |
2024-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309016
|
7.8 |
HIGH
Local
|
mongodb
|
mongodb
c_driver
php_driver
|
Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing…
|
NVD-CWE-noinfo
|
CVE-2024-7553
|
2024-09-20 05:46 |
2024-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309017
|
6.1 |
MEDIUM
Network
|
mailcow
|
mailcow\
|
mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API l…
|
CWE-79
Cross-site Scripting
|
CVE-2024-41959
|
2024-09-20 05:14 |
2024-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309018
|
4.8 |
MEDIUM
Network
|
mailcow
|
mailcow\
|
mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is ex…
|
CWE-79
Cross-site Scripting
|
CVE-2024-41960
|
2024-09-20 05:01 |
2024-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309019
|
6.1 |
MEDIUM
Network
|
nuxt
|
nuxt
|
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. The `navigateTo` function attempts to blockthe `javascript:` protocol, but does not correctly …
|
CWE-79
Cross-site Scripting
|
CVE-2024-34343
|
2024-09-20 04:57 |
2024-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309020
|
6.5 |
MEDIUM
Network
|
lunary
|
lunary
|
An improper access control vulnerability exists in lunary-ai/lunary at the latest commit (a761d83) on the main branch. The vulnerability allows an attacker to use the auth tokens issued by the 'invit…
|
NVD-CWE-Other
|
CVE-2024-6087
|
2024-09-20 04:32 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
