|
309301
|
4.3 |
MEDIUM
Network
|
bplugins
|
html5_video_player
|
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_password' function in…
|
CWE-862
Missing Authorization
|
CVE-2024-7721
|
2024-09-19 03:01 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309302
|
7.8 |
HIGH
Local
|
ivanti
|
workspace_control
|
An authentication bypass weakness in the message broker service of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-8012
|
2024-09-19 02:53 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309303
|
7.8 |
HIGH
Local
|
ivanti
|
workspace_control
|
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-44107
|
2024-09-19 02:52 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309304
|
7.8 |
HIGH
Local
|
ivanti
|
workspace_control
|
Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
|
NVD-CWE-Other
|
CVE-2024-44106
|
2024-09-19 02:50 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309305
|
7.8 |
HIGH
Local
|
ivanti
|
workspace_control
|
Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2024-44105
|
2024-09-19 02:48 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309306
|
7.8 |
HIGH
Local
|
ivanti
|
workspace_control
|
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated …
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2024-44104
|
2024-09-19 02:33 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309307
|
8.8 |
HIGH
Network
|
external-secrets
|
external_secrets_operator
|
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. The external-secrets has a deployment called default-external-secrets-cert-controller, which is …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-45041
|
2024-09-19 02:31 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309308
|
9.8 |
CRITICAL
Network
|
angeljudesuarez
|
tailoring_management_system
|
A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file ssms.php. The manipulation of …
|
CWE-89
SQL Injection
|
CVE-2024-8611
|
2024-09-19 02:24 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309309
|
7.8 |
HIGH
Local
|
ivanti
|
workspace_control
|
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
|
CWE-426
Untrusted Search Path
|
CVE-2024-44103
|
2024-09-19 02:18 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309310
|
6.1 |
MEDIUM
Network
|
teleogistic
|
invite_anyone
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Boone Gorges Invite Anyone allows Reflected XSS.This issue affects Invite Anyone: from n/a…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43327
|
2024-09-19 02:07 |
2024-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
