|
308001
|
6.8 |
MEDIUM
Adjacent
|
netgear
|
ex3700_firmware ex6100_firmware ex6120_firmware
|
Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter.
|
CWE-77
Command Injection
|
CVE-2024-35519
|
2024-10-17 02:17 |
2024-10-15 |
|
308002
|
- |
|
-
|
-
|
SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php in OpenSis Community Edition 9.1 to 8.0, and possibly earlier version…
|
-
|
CVE-2024-35584
|
2024-10-17 02:15 |
2024-10-16 |
|
308003
|
6.8 |
MEDIUM
Adjacent
|
netgear
|
r7000_firmware
|
Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter.
|
CWE-77
Command Injection
|
CVE-2024-35520
|
2024-10-17 02:14 |
2024-10-15 |
|
308004
|
6.8 |
MEDIUM
Adjacent
|
netgear
|
ex6120_firmware
|
Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter.
|
CWE-77
Command Injection
|
CVE-2024-35518
|
2024-10-17 02:13 |
2024-10-15 |
|
308005
|
8.1 |
HIGH
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Instances with Product Analytics Dashbo…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-8977
|
2024-10-17 02:10 |
2024-10-10 |
|
308006
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. It was possible for an unauthenticated a…
|
NVD-CWE-noinfo
|
CVE-2024-9596
|
2024-10-17 02:00 |
2024-10-10 |
|
308007
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys…
|
CWE-863
Incorrect Authorization
|
CVE-2024-9623
|
2024-10-17 01:59 |
2024-10-10 |
|
308008
|
5.4 |
MEDIUM
Network
|
jetbrains
|
youtrack
|
In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API
|
CWE-862
Missing Authorization
|
CVE-2024-48902
|
2024-10-17 01:57 |
2024-10-10 |
|
308009
|
9.8 |
CRITICAL
Network
|
seur
|
seur
|
The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint.
|
CWE-89
SQL Injection
|
CVE-2024-9201
|
2024-10-17 01:55 |
2024-10-10 |
|
308010
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 17.1 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2. When add…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6530
|
2024-10-17 01:53 |
2024-10-10 |
|