|
308971
|
7.5 |
HIGH
Network
|
litellm
|
litellm
|
A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the `api_base` parameter when making requests to `POST /chat/c…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-6587
|
2024-09-20 23:55 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308972
|
9.8 |
CRITICAL
Network
|
thinkphp
|
thinkphp
|
A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-44902
|
2024-09-20 23:55 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308973
|
9.1 |
CRITICAL
Network
|
baxter
|
connex_health_portal
|
In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex po…
|
NVD-CWE-noinfo
|
CVE-2024-6796
|
2024-09-20 23:53 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308974
|
9.8 |
CRITICAL
Network
|
baxter
|
connex_health_portal
|
In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database.…
|
CWE-89
SQL Injection
|
CVE-2024-6795
|
2024-09-20 23:53 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308975
|
9.8 |
CRITICAL
Network
|
sfs
|
winsure
|
Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection.This issue affects ww.Winsure: before 4.6.2.
|
CWE-94
Code Injection
|
CVE-2024-7104
|
2024-09-20 23:44 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308976
|
- |
|
-
|
-
|
runofast Indoor Security Camera for Baby Monitor has a default password of password for the root account. This allows access to the /stream1 URI via the rtsp:// protocol to receive the video and audi…
|
-
|
CVE-2024-46959
|
2024-09-20 23:35 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308977
|
- |
|
-
|
-
|
An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x before 12.4.3.35110, 12.5.x before 12.5.2.35950, 12.6.x before 12.6.2.37183, and 12.7.x before 12.7.1.38…
|
-
|
CVE-2024-45523
|
2024-09-20 23:35 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308978
|
- |
|
-
|
-
|
Victure PC420 1.1.39 was discovered to use a weak encryption key for the file enabled_telnet.dat on the Micro SD card.
|
-
|
CVE-2023-41612
|
2024-09-20 23:35 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308979
|
6.5 |
MEDIUM
Network
|
syscomgo
|
omflow
|
OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of ot…
|
NVD-CWE-noinfo
|
CVE-2024-8780
|
2024-09-20 23:35 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308980
|
6.5 |
MEDIUM
Network
|
syscomgo
|
omflow
|
OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files.
|
CWE-22
Path Traversal
|
CVE-2024-8778
|
2024-09-20 23:23 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
