|
312301
|
6.1 |
MEDIUM
Network
|
casbin
|
casdoor
|
Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, the purchase URL that is created to generate a WechatPay QR code is vulnera…
|
CWE-79
Cross-site Scripting
|
CVE-2024-41658
|
2024-08-29 01:08 |
2024-08-21 |
|
312302
|
- |
|
-
|
-
|
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded, which could allow…
|
-
|
CVE-2024-6879
|
2024-08-29 00:35 |
2024-08-26 |
|
312303
|
7.5 |
HIGH
Network
|
hex-rays
|
ida_pro
|
ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked. …
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-44083
|
2024-08-29 00:15 |
2024-08-19 |
|
312304
|
- |
|
-
|
-
|
A weak password requirement issue in Teldats Router RS123 and RS123w allows a remote attacker to escalate privileges.
|
-
|
CVE-2022-39997
|
2024-08-28 23:35 |
2024-08-28 |
|
312305
|
8.8 |
HIGH
Network
|
apache
|
hertzbeat
|
Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-42362
|
2024-08-28 22:49 |
2024-08-21 |
|
312306
|
9.8 |
CRITICAL
Network
|
apache
|
hertzbeat
|
Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it exec…
|
CWE-89
SQL Injection
|
CVE-2024-42361
|
2024-08-28 22:49 |
2024-08-21 |
|
312307
|
- |
|
-
|
-
|
Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the …
|
-
|
CVE-2024-45049
|
2024-08-28 21:57 |
2024-08-28 |
|
312308
|
- |
|
-
|
-
|
Meshtastic device firmware is a firmware for meshtastic devices to run an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic device firmware …
|
-
|
CVE-2024-45038
|
2024-08-28 21:57 |
2024-08-28 |
|
312309
|
- |
|
-
|
-
|
A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extens…
|
-
|
CVE-2024-5814
|
2024-08-28 21:57 |
2024-08-28 |
|
312310
|
- |
|
-
|
-
|
An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with…
|
-
|
CVE-2024-5288
|
2024-08-28 21:57 |
2024-08-28 |
|