|
307441
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could explo…
|
CWE-287
Improper Authentication
|
CVE-2024-45115
|
2024-10-10 21:51 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307442
|
- |
|
-
|
-
|
An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. The vulnerability occurs in the API endpoint `http://0.0.0.0:3000/api/v1/memories/{id}/update`…
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2024-7041
|
2024-10-10 21:51 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307443
|
- |
|
-
|
-
|
In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. This vul…
|
CWE-22
Path Traversal
|
CVE-2024-7037
|
2024-10-10 21:51 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307444
|
7.5 |
HIGH
Network
|
-
|
-
|
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker se…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2024-39525
|
2024-10-10 21:51 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307445
|
7.5 |
HIGH
Network
|
-
|
-
|
An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacke…
|
CWE-1288
Improper Validation of Consistency within Input
|
CVE-2024-39515
|
2024-10-10 21:51 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307446
|
- |
|
-
|
-
|
VMware NSX contains a local privilege escalation vulnerability.
An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assi…
|
-
|
CVE-2024-38818
|
2024-10-10 21:51 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307447
|
- |
|
-
|
-
|
VMware NSX contains a content spoofing vulnerability.
An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive infor…
|
-
|
CVE-2024-38815
|
2024-10-10 21:51 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307448
|
- |
|
-
|
-
|
HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request d…
|
-
|
CVE-2024-30118
|
2024-10-10 21:51 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307449
|
- |
|
-
|
-
|
ImportDump is a mediawiki extension designed to automate user import requests. A user's local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki h…
|
CWE-282
Improper Ownership Management
|
CVE-2024-47816
|
2024-10-10 21:51 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307450
|
- |
|
-
|
-
|
IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. There are a variety of Cross-site Scripting issues, though all of them require elevated permis…
|
CWE-79
CWE-80
Cross-site Scripting
Basic XSS
|
CVE-2024-47815
|
2024-10-10 21:51 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
