| 308741 | 7.8 | HIGH Local | refuel | autolabel | An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user cr… | CWE-1236 Improper Neutralization of Formula Elements in a CSV File | CVE-2024-27320 | 2024-09-23 22:56 | 2024-09-12 |
| 308742 | 6.5 | MEDIUM Network | mattermost | mattermost_mobile | Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary… | NVD-CWE-Other | CVE-2024-45833 | 2024-09-23 22:43 | 2024-09-16 |
| 308743 | 7.5 | HIGH Network | vidco | voc_tester | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vidco Software VOC TESTER allows Path Traversal. This issue affects VOC TESTER: before 12.34.8. | CWE-22 Path Traversal | CVE-2024-7609 | 2024-09-23 18:15 | 2024-09-11 |
| 308744 | 9.8 | CRITICAL Network | profelis | passbox | Improper Authentication, Missing Authentication for Critical Function, Improper Authorization vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse. This issue affec… | CWE-287 Improper Authentication; CWE-306 Missing Authentication for Critical Function; CWE-285 Improper Authorization | CVE-2024-7015 | 2024-09-23 18:15 | 2024-09-9 |
| 308745 | - | | - | - | The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors. | - | CVE-2024-27185 | 2024-09-22 14:15 | 2024-08-21 |
| 308746 | 7.5 | HIGH Network | ibm | maximo_application_suite | IBM Maximo Application Suite - Manage Component 8.10, 8.11, and 9.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information using man i… | CWE-327 Use of a Broken or Risky Cryptographic Algorithm | CVE-2024-37068 | 2024-09-21 19:15 | 2024-09-7 |
| 308747 | 8.2 | HIGH Network | ibm | security_verify_access_docker, security_verify_access | IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit … | CWE-601 Open Redirect | CVE-2024-35133 | 2024-09-21 19:15 | 2024-08-30 |
| 308748 | 8.1 | HIGH Network | ibm | app_connect_enterprise_certified_container | IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in run… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2022-43915 | 2024-09-21 19:15 | 2024-08-24 |
| 308749 | 6.5 | MEDIUM Network | ibm | cloud_pak_for_security, qradar_suite | IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical… | CWE-209 Information Exposure Through an Error Message | CVE-2023-47728 | 2024-09-21 19:15 | 2024-08-17 |
| 308750 | 5.5 | MEDIUM Local | ibm | cloud_pak_for_security, qradar_suite | IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-F… | CWE-312 Cleartext Storage of Sensitive Information | CVE-2024-25024 | 2024-09-21 19:15 | 2024-08-15 |