|
309291
|
6.1 |
MEDIUM
Network
|
doverfuelingsolutions
|
progauge_maglink_lx_console_firmware
progauge_maglink_lx4_console_firmware
|
ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input
fields that are used to render pages which may allow cross site
scripting.
|
CWE-79
Cross-site Scripting
|
CVE-2024-41725
|
2024-10-1 04:55 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309292
|
5.5 |
MEDIUM
Local
|
apple
|
macos
iphone_os
ipados
watchos
|
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, macOS Sequoia 15. An app may be able to access user-sensitiv…
|
NVD-CWE-noinfo
|
CVE-2024-44170
|
2024-10-1 04:48 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309293
|
5.3 |
MEDIUM
Network
|
scriptcase
|
scriptcase
|
Path traversal vulnerability in Scriptcase version 9.4.019, in /scriptcase/devel/compat/nm_edit_php_edit.php (in the “subpage” parameter), which allows unauthenticated remote users to bypass Security…
|
CWE-22
Path Traversal
|
CVE-2024-8941
|
2024-10-1 04:45 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309294
|
7.5 |
HIGH
Network
|
kastle
|
access_control_system_firmware
|
Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-45862
|
2024-10-1 04:33 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309295
|
7.5 |
HIGH
Network
|
kastle
|
access_control_system_firmware
|
Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-45861
|
2024-10-1 04:25 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309296
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Rejected reason: Duplicate of CVE-2024-45806.
|
-
|
CVE-2024-7207
|
2024-10-1 04:15 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309297
|
9.8 |
CRITICAL
Network
|
github
|
enterprise_server
|
An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation met…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2024-6800
|
2024-10-1 04:14 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309298
|
5.3 |
MEDIUM
Network
|
coffee2code
|
custom_post_limits
|
The Custom Post Limits plugin for WordPress is vulnerable to full path disclosure in all versions up to, and including, 4.4.1. This is due to the plugin utilizing bootstrap and leaving test files wit…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-6544
|
2024-10-1 04:12 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309299
|
6.5 |
MEDIUM
Network
|
moxa
|
mxview_one
|
The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of s…
|
CWE-22
Path Traversal
|
CVE-2024-6786
|
2024-10-1 03:31 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309300
|
4.3 |
MEDIUM
Network
|
cilium
|
cilium
|
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoute…
|
CWE-436
Interpretation Conflict
|
CVE-2024-42487
|
2024-10-1 03:31 |
2024-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
