|
312161
|
9.8 |
CRITICAL
Network
|
reedos
|
aim-star
|
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulner…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2024-45790
|
2024-09-19 03:38 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312162
|
7.5 |
HIGH
Network
|
pxlrbt
|
filament_excel
|
Filament Excel enables excel export for Filament admin resources. The export download route `/filament-excel/{path}` allowed downloading any file without login when the webserver allows `../` in the …
|
CWE-22
Path Traversal
|
CVE-2024-42485
|
2024-09-19 03:31 |
2024-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312163
|
6.5 |
MEDIUM
Adjacent
|
zyxel
|
gs1900-48hpv2_firmware
gs1900-48_firmware
gs1900-24hpv2_firmware
gs1900-24ep_firmware
gs1900-24e_firmware
gs1900-24_firmware
gs1900-16_firmware
gs1900-10hp_firmware
gs1900-8hp…
|
An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2…
|
CWE-331
Insufficient Entropy
|
CVE-2024-38270
|
2024-09-19 03:23 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312164
|
6.5 |
MEDIUM
Network
|
reedos
|
aim-star
|
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vul…
|
NVD-CWE-Other
|
CVE-2024-45787
|
2024-09-19 03:15 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312165
|
5.3 |
MEDIUM
Network
|
bplugins
|
html5_video_player
|
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5…
|
CWE-862
Missing Authorization
|
CVE-2024-7727
|
2024-09-19 03:07 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312166
|
9.8 |
CRITICAL
Network
|
spip
|
spip
|
SPIP before 4.3.2, 4.2.16, and
4.1.18 is vulnerable to a command injection issue. A
remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipar…
|
NVD-CWE-Other
|
CVE-2024-8517
|
2024-09-19 03:05 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312167
|
4.3 |
MEDIUM
Network
|
bplugins
|
html5_video_player
|
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_password' function in…
|
CWE-862
Missing Authorization
|
CVE-2024-7721
|
2024-09-19 03:01 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312168
|
7.8 |
HIGH
Local
|
ivanti
|
workspace_control
|
An authentication bypass weakness in the message broker service of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-8012
|
2024-09-19 02:53 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312169
|
7.8 |
HIGH
Local
|
ivanti
|
workspace_control
|
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-44107
|
2024-09-19 02:52 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312170
|
7.8 |
HIGH
Local
|
ivanti
|
workspace_control
|
Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
|
NVD-CWE-Other
|
CVE-2024-44106
|
2024-09-19 02:50 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
