|
307921
|
7.8 |
HIGH
Local
|
grafana
|
alloy
|
Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM
This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-r…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2024-8975
|
2024-10-2 04:20 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307922
|
7.8 |
HIGH
Local
|
grafana
|
agent
|
Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM
This issue affects Agent Flow: before 0.43.2
|
CWE-428
Unquoted Search Path or Element
|
CVE-2024-8996
|
2024-10-2 04:16 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307923
|
7.5 |
HIGH
Network
|
openslides
|
openslides
|
OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords.
|
CWE-326
Inadequate Encryption Strength
|
CVE-2024-22892
|
2024-10-2 04:10 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307924
|
6.5 |
MEDIUM
Network
|
ihedvall
|
mdf_library
|
Library MDF (mdflib) v2.1 is vulnerable to a heap-based buffer overread via a crafted mdf4 file is parsed using the ReadData function
|
CWE-787
Out-of-bounds Write
|
CVE-2024-41445
|
2024-10-2 04:03 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307925
|
5.5 |
MEDIUM
Local
|
devolutions
|
remote_desktop_manager
|
An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2024-7421
|
2024-10-2 03:36 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307926
|
9.8 |
CRITICAL
Network
|
meshtastic
|
meshtastic_firmware
|
Meshtastic is an open source, off-grid, decentralized, mesh network. Meshtastic uses MQTT to communicate over an internet connection to a shared or private MQTT Server. Nodes can communicate directly…
|
CWE-863
Incorrect Authorization
|
CVE-2024-47078
|
2024-10-2 03:29 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307927
|
8.6 |
HIGH
Network
|
circutor
|
q-smt_firmware
|
CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login p…
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2024-8887
|
2024-10-2 02:30 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307928
|
9.8 |
CRITICAL
Network
|
scriptcase
|
scriptcase
|
Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST requ…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-8940
|
2024-10-2 02:21 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307929
|
9.8 |
CRITICAL
Network
|
doverfuelingsolutions
|
progauge_maglink_lx_console_firmware
progauge_maglink_lx4_console_firmware
|
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE
UTILITY sub-menu can allow a remote attacker to inject arbitrary
commands.
|
CWE-77
Command Injection
|
CVE-2024-43693
|
2024-10-2 02:17 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307930
|
7.8 |
HIGH
Local
|
telerik
|
ui_for_wpf
|
In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.
|
CWE-77
Command Injection
|
CVE-2024-7679
|
2024-10-2 02:16 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
