|
309121
|
8.8 |
HIGH
Network
|
owasp
|
defectdojo
|
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
|
NVD-CWE-Other
|
CVE-2023-48171
|
2024-09-19 03:54 |
2024-08-13 |
|
|
|
|
309122
|
7.5 |
HIGH
Network
|
i-doit
|
i-doit
|
SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cm…
|
CWE-89
SQL Injection
|
CVE-2024-8749
|
2024-09-19 03:53 |
2024-09-12 |
|
|
|
|
309123
|
8.8 |
HIGH
Network
|
sir
|
gnuboard
|
Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration.
|
CWE-346
Origin Validation Error
|
CVE-2024-41475
|
2024-09-19 03:51 |
2024-08-13 |
|
|
|
|
309124
|
9.8 |
CRITICAL
Network
|
soplanning
|
soplanning
|
An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulne…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-27113
|
2024-09-19 03:43 |
2024-09-11 |
|
|
|
|
309125
|
9.8 |
CRITICAL
Network
|
soplanning
|
soplanning
|
An unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying d…
|
CWE-89
SQL Injection
|
CVE-2024-27112
|
2024-09-19 03:42 |
2024-09-11 |
|
|
|
|
309126
|
9.8 |
CRITICAL
Network
|
agpt
|
autogpt
|
A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific com…
|
CWE-78
OS Command
|
CVE-2024-6091
|
2024-09-19 03:41 |
2024-09-11 |
|
|
|
|
309127
|
9.8 |
CRITICAL
Network
|
reedos
|
aim-star
|
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulner…
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2024-45790
|
2024-09-19 03:38 |
2024-09-11 |
|
|
|
|
309128
|
7.5 |
HIGH
Network
|
pxlrbt
|
filament_excel
|
Filament Excel enables excel export for Filament admin resources. The export download route `/filament-excel/{path}` allowed downloading any file without login when the webserver allows `../` in the …
|
CWE-22
Path Traversal
|
CVE-2024-42485
|
2024-09-19 03:31 |
2024-08-13 |
|
|
|
|
309129
|
6.5 |
MEDIUM
Adjacent
|
zyxel
|
gs1900-48hpv2_firmware gs1900-48_firmware gs1900-24hpv2_firmware gs1900-24ep_firmware gs1900-24e_firmware gs1900-24_firmware gs1900-16_firmware gs1900-10hp_firmware gs1900-8hp…
|
An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2…
|
CWE-331
Insufficient Entropy
|
CVE-2024-38270
|
2024-09-19 03:23 |
2024-09-10 |
|
|
|
|
309130
|
6.5 |
MEDIUM
Network
|
reedos
|
aim-star
|
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vul…
|
NVD-CWE-Other
|
CVE-2024-45787
|
2024-09-19 03:15 |
2024-09-11 |
|
|
|