|
308531
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is …
|
CWE-444
HTTP Request Smuggling
|
CVE-2024-9622
|
2024-10-10 21:56 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308532
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configura…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2024-9621
|
2024-10-10 21:56 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308533
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerabili…
|
-
|
CVE-2024-9620
|
2024-10-10 21:56 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308534
|
- |
|
-
|
-
|
A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.
|
-
|
CVE-2024-3057
|
2024-10-10 21:56 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308535
|
- |
|
-
|
-
|
A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. The vulnerability is present in the SetStationSettings function. The system directly invokes the system function to …
|
-
|
CVE-2024-45880
|
2024-10-10 21:56 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308536
|
- |
|
-
|
-
|
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below allows a remote authenticated attacker assigne…
|
CWE-200
Information Exposure
|
CVE-2024-33506
|
2024-10-10 21:56 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308537
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.3.982 due to insufficient in…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8482
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308538
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all …
|
CWE-862
Missing Authorization
|
CVE-2024-8431
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308539
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and includin…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9207
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308540
|
- |
|
-
|
-
|
CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be
remotely executed on the server when unsafely deserialized data is posted to the web server.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-9005
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
