|
308081
|
9.8 |
CRITICAL
Network
|
code-projects
|
blood_bank_system
|
A vulnerability was found in code-projects Blood Bank System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /forgot.php. The manipulation of the argument u…
|
CWE-89
SQL Injection
|
CVE-2024-9327
|
2024-10-2 21:57 |
2024-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308082
|
6.1 |
MEDIUM
Network
|
ckeditor
|
ckeditor5
|
CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45613
|
2024-10-2 07:15 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308083
|
6.5 |
MEDIUM
Network
|
apache
|
druid
|
Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid a…
|
NVD-CWE-noinfo
|
CVE-2024-45537
|
2024-10-2 05:41 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308084
|
7.8 |
HIGH
Local
|
restsharp
|
restsharp
|
RestSharp is a Simple REST and HTTP API Client for .NET. The second argument to `RestRequest.AddHeader` (the header value) is vulnerable to CRLF injection. The same applies to `RestRequest.AddOrUpdat…
|
CWE-74
Injection
|
CVE-2024-45302
|
2024-10-2 05:05 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308085
|
8.0 |
HIGH
Network
|
strawberryrocks
|
strawberry
|
Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support as defined in the GraphQL multipart request specification was enabled by default in …
|
CWE-352
Origin Validation Error
|
CVE-2024-47082
|
2024-10-2 05:01 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308086
|
7.5 |
HIGH
Network
|
watchguard
|
single_sign-on_client
|
Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands. An attacker with network acc…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2024-6594
|
2024-10-2 04:41 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308087
|
9.1 |
CRITICAL
Network
|
watchguard
|
authentication_gateway
|
Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with network access to execute restricted management commands.
This…
|
CWE-863
Incorrect Authorization
|
CVE-2024-6593
|
2024-10-2 04:37 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308088
|
7.5 |
HIGH
Network
|
circutor
|
q-smt_firmware
|
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web app…
|
CWE-613
Insufficient Session Expiration
|
CVE-2024-8888
|
2024-10-2 04:30 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308089
|
7.8 |
HIGH
Local
|
grafana
|
alloy
|
Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM
This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-r…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2024-8975
|
2024-10-2 04:20 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308090
|
7.8 |
HIGH
Local
|
grafana
|
agent
|
Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM
This issue affects Agent Flow: before 0.43.2
|
CWE-428
Unquoted Search Path or Element
|
CVE-2024-8996
|
2024-10-2 04:16 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
