|
308001
|
7.2 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall.
|
CWE-78
OS Command
|
CVE-2024-8686
|
2024-10-3 10:35 |
2024-09-12 |
|
308002
|
7.8 |
HIGH
Local
|
telerik
|
ui_for_wpf
|
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-8316
|
2024-10-3 10:01 |
2024-09-25 |
|
308003
|
5.5 |
MEDIUM
Local
|
papercut
|
papercut_ng papercut_mf
|
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incor…
|
CWE-77
Command Injection
|
CVE-2024-8405
|
2024-10-3 09:51 |
2024-09-26 |
|
308004
|
7.5 |
HIGH
Network
|
nationalkeep
|
cybermath
|
Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations. This issue affects CyberMath: b…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2024-7107
|
2024-10-3 09:39 |
2024-09-26 |
|
308005
|
6.1 |
MEDIUM
Network
|
planex
|
cs-qr10_firmware cs-qr20_firmware cs-qr22_firmware cs-qr220_firmware cs-qr300_firmware
|
Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45836
|
2024-10-3 09:35 |
2024-09-26 |
|
308006
|
6.5 |
MEDIUM
Network
|
planex
|
mzk-dp300n_firmware
|
MZK-DP300N firmware versions 1.04 and earlier contain a cross-site request forgery vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead…
|
CWE-352
Origin Validation Error
|
CVE-2024-45372
|
2024-10-3 09:34 |
2024-09-26 |
|
308007
|
9.8 |
CRITICAL
Network
|
nationalkeep
|
cybermath
|
Incorrect Authorization vulnerability in National Keep Cyber Security Services CyberMath allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CyberMath: before CYBM.2408…
|
CWE-863
Incorrect Authorization
|
CVE-2024-7108
|
2024-10-3 09:31 |
2024-09-26 |
|
308008
|
7.1 |
HIGH
Network
|
paloaltonetworks
|
pan-os globalprotect prisma_access
|
An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configur…
|
NVD-CWE-noinfo
|
CVE-2024-8687
|
2024-10-3 09:26 |
2024-09-12 |
|
308009
|
4.4 |
MEDIUM
Local
|
paloaltonetworks
|
pan-os
|
An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) wi…
|
NVD-CWE-Other
|
CVE-2024-8688
|
2024-10-3 09:19 |
2024-09-12 |
|
308010
|
- |
|
-
|
-
|
RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning, which could have led to a full repository takeover. Downstream users …
|
CWE-20
Improper Input Validation
|
CVE-2024-47179
|
2024-10-3 05:15 |
2024-09-27 |
|