|
306251
|
9.8 |
CRITICAL
Network
|
matrixcomsec
|
cosec_vega_faxq_firmware
|
This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vu…
|
NVD-CWE-Other
|
CVE-2024-10381
|
2024-11-15 06:44 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306252
|
5.9 |
MEDIUM
Network
|
ibm
|
txseries_for_multiplatforms
|
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the …
|
NVD-CWE-noinfo
|
CVE-2024-41738
|
2024-11-15 05:51 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306253
|
7.8 |
HIGH
Local
|
bytecodealliance
|
webassembly_micro_runtime
|
An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility func…
|
CWE-125
Out-of-bounds Read
|
CVE-2024-25431
|
2024-11-15 05:42 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306254
|
5.3 |
MEDIUM
Network
|
ibm
|
txseries_for_multiplatforms
|
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system.
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2024-41741
|
2024-11-15 05:42 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306255
|
8.8 |
HIGH
Network
|
sbond
|
watcharr
|
A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT token. This vulnerability is not limited to privilege escalation…
|
NVD-CWE-noinfo
|
CVE-2024-50634
|
2024-11-15 05:40 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306256
|
7.8 |
HIGH
Local
|
artifex
debian
suse
|
ghostscript
debian_linux
linux_enterprise_high_performance_computing
linux_enterprise_server
linux_enterprise_server_for_sap
|
An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution.
|
CWE-125
Out-of-bounds Read
|
CVE-2024-46956
|
2024-11-15 05:39 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306257
|
6.7 |
MEDIUM
Local
|
fortinet
|
forticlient
|
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2024-40592
|
2024-11-15 05:37 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306258
|
8.8 |
HIGH
Local
|
fortinet
|
forticlient
|
A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate thei…
|
CWE-270
Privilege Context Switching Error
|
CVE-2024-36513
|
2024-11-15 05:35 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306259
|
6.1 |
MEDIUM
Network
|
ibm
|
cics_tx
|
IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona…
|
CWE-79
Cross-site Scripting
|
CVE-2024-41745
|
2024-11-15 05:35 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306260
|
- |
|
-
|
-
|
An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber paramete…
|
-
|
CVE-2024-46635
|
2024-11-15 05:35 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
