|
310031
|
5.4 |
MEDIUM
Network
|
cryoutcreations
|
fluida
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Fluida allows Stored XSS.This issue affects Fluida: from n/a through 1.8.8.
|
CWE-79
Cross-site Scripting
|
CVE-2024-44054
|
2024-09-23 23:23 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310032
|
7.8 |
HIGH
Local
|
intel
|
raid_web_console
|
Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
|
NVD-CWE-noinfo
|
CVE-2024-34543
|
2024-09-23 23:17 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310033
|
5.7 |
MEDIUM
Adjacent
|
intel
|
raid_web_console
|
Improper access control in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via adjacent access.
|
NVD-CWE-noinfo
|
CVE-2024-36261
|
2024-09-23 23:16 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310034
|
5.7 |
MEDIUM
Adjacent
|
intel
|
raid_web_console
|
Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user to potentially enable denial of service via adjacent access.
|
NVD-CWE-noinfo
|
CVE-2024-36247
|
2024-09-23 23:16 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310035
|
5.7 |
MEDIUM
Adjacent
|
intel
|
raid_web_console
|
Improper input validation in some Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable information disclosure via adjacent access.
|
NVD-CWE-noinfo
|
CVE-2024-34545
|
2024-09-23 23:13 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310036
|
6.5 |
MEDIUM
Adjacent
|
espressif
|
esp-now
|
ESP-NOW Component provides a connectionless Wi-Fi communication protocol. An replay attacks vulnerability was discovered in the implementation of the ESP-NOW because the caches is not differentiated …
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2024-42483
|
2024-09-23 23:06 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310037
|
7.8 |
HIGH
Local
|
refuel
|
autolabel
|
An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user cr…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2024-27320
|
2024-09-23 22:56 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310038
|
6.5 |
MEDIUM
Network
|
mattermost
|
mattermost_mobile
|
Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the password to get saved in the dictionary…
|
NVD-CWE-Other
|
CVE-2024-45833
|
2024-09-23 22:43 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310039
|
7.5 |
HIGH
Network
|
vidco
|
voc_tester
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vidco Software VOC TESTER allows Path Traversal.This issue affects VOC TESTER: before 12.34.8.
|
CWE-22
Path Traversal
|
CVE-2024-7609
|
2024-09-23 18:15 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310040
|
9.8 |
CRITICAL
Network
|
profelis
|
passbox
|
Improper Authentication, Missing Authentication for Critical Function, Improper Authorization vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse.This issue affec…
|
CWE-287
CWE-306
CWE-285
Improper Authentication
Missing Authentication for Critical Function
Improper Authorization
|
CVE-2024-7015
|
2024-09-23 18:15 |
2024-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
