|
310061
|
6.5 |
MEDIUM
Network
|
microsoft
|
edge
|
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
|
NVD-CWE-noinfo
|
CVE-2024-38222
|
2024-09-19 04:01 |
2024-09-12 |
|
310062
|
7.3 |
HIGH
Local
|
cisco
|
meraki_systems_manager
|
A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges.
This vulnerability is …
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-20430
|
2024-09-19 03:56 |
2024-09-13 |
|
310063
|
8.8 |
HIGH
Network
|
owasp
|
defectdojo
|
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
|
NVD-CWE-Other
|
CVE-2023-48171
|
2024-09-19 03:54 |
2024-08-13 |
|
310064
|
7.5 |
HIGH
Network
|
i-doit
|
i-doit
|
SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cm…
|
CWE-89
SQL Injection
|
CVE-2024-8749
|
2024-09-19 03:53 |
2024-09-12 |
|
310065
|
8.8 |
HIGH
Network
|
sir
|
gnuboard
|
Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration.
|
CWE-346
Origin Validation Error
|
CVE-2024-41475
|
2024-09-19 03:51 |
2024-08-13 |
|
310066
|
9.8 |
CRITICAL
Network
|
soplanning
|
soplanning
|
An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulne…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-27113
|
2024-09-19 03:43 |
2024-09-11 |
|
310067
|
9.8 |
CRITICAL
Network
|
soplanning
|
soplanning
|
An unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying d…
|
CWE-89
SQL Injection
|
CVE-2024-27112
|
2024-09-19 03:42 |
2024-09-11 |
|
310068
|
9.8 |
CRITICAL
Network
|
agpt
|
autogpt
|
A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific com…
|
CWE-78
OS Command
|
CVE-2024-6091
|
2024-09-19 03:41 |
2024-09-11 |
|
310069
|
9.8 |
CRITICAL
Network
|
reedos
|
aim-star
|
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulner…
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2024-45790
|
2024-09-19 03:38 |
2024-09-11 |
|
310070
|
7.5 |
HIGH
Network
|
pxlrbt
|
filament_excel
|
Filament Excel enables excel export for Filament admin resources. The export download route `/filament-excel/{path}` allowed downloading any file without login when the webserver allows `../` in the …
|
CWE-22
Path Traversal
|
CVE-2024-42485
|
2024-09-19 03:31 |
2024-08-13 |