|
309181
|
9.8 |
CRITICAL
Network
|
pluck-cms
|
pluck
|
Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack.
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2024-43042
|
2024-09-20 06:01 |
2024-08-17 |
|
|
|
|
309182
|
8.8 |
HIGH
Network
|
nuxt
|
nuxt
|
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the `path` parameter in the NuxtTestComponentWrapper, an…
|
CWE-94
Code Injection
|
CVE-2024-34344
|
2024-09-20 05:58 |
2024-08-6 |
|
|
|
|
309183
|
7.5 |
HIGH
Network
|
nuxt
|
nuxt
|
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. `nuxt/icon` provides an API to allow client side icon lookup. This endpoint is at `/api/_nuxt_…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-42352
|
2024-09-20 05:55 |
2024-08-6 |
|
|
|
|
309184
|
7.8 |
HIGH
Local
|
mongodb
|
mongodb c_driver php_driver
|
Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating system is Windows. This may result in the application executing…
|
NVD-CWE-noinfo
|
CVE-2024-7553
|
2024-09-20 05:46 |
2024-08-7 |
|
|
|
|
309185
|
6.1 |
MEDIUM
Network
|
mailcow
|
mailcow\
|
mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API l…
|
CWE-79
Cross-site Scripting
|
CVE-2024-41959
|
2024-09-20 05:14 |
2024-08-6 |
|
|
|
|
309186
|
4.8 |
MEDIUM
Network
|
mailcow
|
mailcow\
|
mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is ex…
|
CWE-79
Cross-site Scripting
|
CVE-2024-41960
|
2024-09-20 05:01 |
2024-08-6 |
|
|
|
|
309187
|
6.1 |
MEDIUM
Network
|
nuxt
|
nuxt
|
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. The `navigateTo` function attempts to block the `javascript:` protocol, but does not correctly …
|
CWE-79
Cross-site Scripting
|
CVE-2024-34343
|
2024-09-20 04:57 |
2024-08-6 |
|
|
|
|
309188
|
6.5 |
MEDIUM
Network
|
lunary
|
lunary
|
An improper access control vulnerability exists in lunary-ai/lunary at the latest commit (a761d83) on the main branch. The vulnerability allows an attacker to use the auth tokens issued by the 'invit…
|
NVD-CWE-Other
|
CVE-2024-6087
|
2024-09-20 04:32 |
2024-09-14 |
|
|
|
|
309189
|
3.9 |
LOW
Physical
|
redhat opensc_project
|
enterprise_linux opensc
|
A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When …
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-45620
|
2024-09-20 04:21 |
2024-09-4 |
|
|
|
|
309190
|
6.5 |
MEDIUM
Network
|
eaton
|
foreseer_electrical_power_monitoring_system
|
The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the l…
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2024-31416
|
2024-09-20 04:06 |
2024-09-14 |
|
|
|