|
308321
|
4.8 |
MEDIUM
Network
|
decidim
|
decidim
|
decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The admin panel is subject to potential Cross-site scripting (XSS) attac…
|
CWE-79
Cross-site Scripting
|
CVE-2024-32034
|
2024-09-29 09:14 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308322
|
5.9 |
MEDIUM
Network
|
alf
|
alf
|
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of…
|
CWE-362
Race Condition
|
CVE-2024-45300
|
2024-09-29 09:08 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308323
|
5.3 |
MEDIUM
Network
|
phoenixcontact
|
tc_mguard_rs4000_4g_vzw_vpn_firmware
tc_mguard_rs4000_4g_vpn_firmware
tc_mguard_rs4000_4g_att_vpn_firmware
tc_mguard_rs4000_3g_vpn_firmware
tc_mguard_rs2000_4g_vzw_vpn_firmware
tc_mgua…
|
An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. T…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-7734
|
2024-09-29 08:56 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308324
|
8.8 |
HIGH
Network
|
qnap
|
music_station
|
An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network.
We have …
|
CWE-287
Improper Authentication
|
CVE-2023-45038
|
2024-09-29 08:51 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308325
|
8.8 |
HIGH
Network
|
qnap
|
video_station
|
An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fi…
|
CWE-78
CWE-77
OS Command
Command Injection
|
CVE-2023-47563
|
2024-09-29 08:47 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308326
|
8.8 |
HIGH
Network
|
qnap
|
video_station
|
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed…
|
CWE-89
SQL Injection
|
CVE-2023-50360
|
2024-09-29 08:44 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308327
|
7.8 |
HIGH
Local
|
ui
|
unifi_network_application
|
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell acces…
|
CWE-77
Command Injection
|
CVE-2024-42025
|
2024-09-29 03:35 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308328
|
6.1 |
MEDIUM
Network
|
mm-breaking_news_project
|
mm-breaking_news
|
The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8056
|
2024-09-28 06:29 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308329
|
6.1 |
MEDIUM
Network
|
mm-breaking_news_project
|
mm-breaking_news
|
The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add S…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8054
|
2024-09-28 06:29 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308330
|
4.8 |
MEDIUM
Network
|
ninjateam
|
header_footer_custom_code
|
The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Sit…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6617
|
2024-09-28 06:28 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
