|
306441
|
- |
|
-
|
-
|
ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.e…
|
-
|
CVE-2024-50624
|
2024-10-31 06:35 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306442
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security seve…
|
NVD-CWE-noinfo
|
CVE-2024-7974
|
2024-10-31 06:35 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306443
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
firefox_esr
|
Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header pr…
|
NVD-CWE-noinfo
|
CVE-2024-7531
|
2024-10-31 06:35 |
2024-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306444
|
8.8 |
HIGH
Network
|
zimbra
|
collaboration
|
An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Si…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-45518
|
2024-10-31 06:23 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306445
|
7.8 |
HIGH
Local
|
ysoft
|
safeq
|
A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authent…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2022-23862
|
2024-10-31 06:21 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306446
|
9.8 |
CRITICAL
Network
|
riskengine
|
radar
|
A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue affects some unknown processing of the component Interface Handler. The manipulation with the input /../…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10121
|
2024-10-31 06:21 |
2024-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306447
|
7.8 |
HIGH
Local
|
helakuru
|
helakuru
|
An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-48605
|
2024-10-31 06:19 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306448
|
4.9 |
MEDIUM
Network
|
i13websolution
|
photo_gallery_slideshow_\&_masonry_tiled_gallery
|
The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping…
|
CWE-89
SQL Injection
|
CVE-2019-25218
|
2024-10-31 06:18 |
2024-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306449
|
4.3 |
MEDIUM
Network
|
nofusscomputing
|
centurion_erp
|
No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of.…
|
NVD-CWE-noinfo
|
CVE-2024-49373
|
2024-10-31 06:16 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306450
|
6.5 |
MEDIUM
Network
|
shudong-share_project
|
shudong-share
|
A vulnerability classified as critical has been found in HFO4 shudong-share up to 2.4.7. This affects an unknown part of the file /includes/create_share.php of the component Share Handler. The manipu…
|
CWE-89
SQL Injection
|
CVE-2024-10129
|
2024-10-31 06:15 |
2024-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
