|
304751
|
- |
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability in the VLAN configuration of RELY-PCIe v22.2.1 to v23.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
-
|
CVE-2024-44573
|
2024-11-2 04:35 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304752
|
9.8 |
CRITICAL
Network
|
langchain
|
langchain
|
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulatio…
|
CWE-74
Injection
|
CVE-2024-8309
|
2024-11-2 04:19 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304753
|
4.3 |
MEDIUM
Network
|
giuliopanda
|
bulk_images_optimizer
|
The Bulk images optimizer: Resize, optimize, convert to webp, rename … plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_configura…
|
CWE-862
Missing Authorization
|
CVE-2024-9361
|
2024-11-2 03:46 |
2024-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304754
|
9.8 |
CRITICAL
Network
|
zte
|
wrtm326_firmware
|
The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by sending crafted requests.
|
CWE-78
OS Command
|
CVE-2024-10119
|
2024-11-2 03:40 |
2024-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304755
|
6.5 |
MEDIUM
Network
|
fabianros
|
blood_bank_management_system
|
A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /file/delete.p…
|
CWE-352
Origin Validation Error
|
CVE-2024-10448
|
2024-11-2 03:26 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304756
|
4.3 |
MEDIUM
Network
|
infinite-scroll
|
infinite-scroll
|
The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the process_a…
|
CWE-352
Origin Validation Error
|
CVE-2024-10040
|
2024-11-2 03:26 |
2024-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304757
|
6.5 |
MEDIUM
Network
|
cisco
|
secure_firewall_management_center
|
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an af…
|
CWE-89
SQL Injection
|
CVE-2024-20472
|
2024-11-2 03:22 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304758
|
6.5 |
MEDIUM
Network
|
cisco
|
secure_firewall_management_center
|
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an af…
|
CWE-89
SQL Injection
|
CVE-2024-20471
|
2024-11-2 03:16 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304759
|
6.5 |
MEDIUM
Network
|
cisco
|
anyconnect_secure_mobility_client
secure_client
|
A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secur…
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2024-20474
|
2024-11-2 03:14 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304760
|
8.8 |
HIGH
Network
|
grafana
|
grafana
|
The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, le…
|
CWE-77
Command Injection
|
CVE-2024-9264
|
2024-11-2 03:14 |
2024-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
