|
308241
|
8.8 |
HIGH
Network
|
progress
|
telerik_reporting
|
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.
|
CWE-470
Unsafe Reflection
|
CVE-2024-8014
|
2024-10-15 23:54 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308242
|
7.8 |
HIGH
Local
|
progress
|
telerik_reporting
|
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.
|
CWE-77
Command Injection
|
CVE-2024-7840
|
2024-10-15 23:52 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308243
|
6.5 |
MEDIUM
Network
|
progress
|
telerik_reporting
|
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.
|
NVD-CWE-noinfo
|
CVE-2024-7294
|
2024-10-15 23:51 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308244
|
8.8 |
HIGH
Network
|
progress
|
telerik_reporting
|
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements.
|
CWE-521
Weak Password Requirements
|
CVE-2024-7293
|
2024-10-15 23:51 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308245
|
8.8 |
HIGH
Network
|
progress
|
telerik_report_server
|
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2024-7292
|
2024-10-15 23:50 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308246
|
7.5 |
HIGH
Network
|
templateinvaders
|
ti_woocommerce_wishlist
|
The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin…
|
CWE-89
SQL Injection
|
CVE-2024-9156
|
2024-10-15 23:40 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308247
|
5.4 |
MEDIUM
Network
|
essamamdani
|
advanced_blocks_pro
|
The Advanced Blocks Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and o…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9074
|
2024-10-15 23:37 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308248
|
6.1 |
MEDIUM
Network
|
esri
|
portal_for_arcgis
|
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1, 10.9.1 and 10.8.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could …
|
CWE-79
Cross-site Scripting
|
CVE-2024-25691
|
2024-10-15 23:35 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308249
|
4.4 |
MEDIUM
Local
|
google
|
android
|
there is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploi…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2024-44096
|
2024-10-15 23:35 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308250
|
7.8 |
HIGH
Local
|
google
|
android
|
In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible corrupt memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileg…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-44095
|
2024-10-15 23:35 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
