|
308331
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
|
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and T…
|
NVD-CWE-noinfo
|
CVE-2024-8900
|
2024-10-31 00:35 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308332
|
- |
|
-
|
-
|
The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.
|
-
|
CVE-2024-40743
|
2024-10-31 00:35 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308333
|
- |
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments sect…
|
-
|
CVE-2024-25837
|
2024-10-31 00:35 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308334
|
8.8 |
HIGH
Network
|
hitachienergy
|
microscada_x_sys600
microscada_pro_sys600
|
The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names
that are used in filesystem operations. If exploited the vulnerability allows the at…
|
CWE-22
Path Traversal
|
CVE-2024-3980
|
2024-10-31 00:33 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308335
|
8.2 |
HIGH
Local
|
hitachienergy
|
microscada_x_sys600
|
An attacker with local access to machine where MicroSCADA X
SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already establish…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2024-3982
|
2024-10-31 00:32 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308336
|
8.8 |
HIGH
Network
|
hitachienergy
|
microscada_x_sys600
microscada_pro_sys600
|
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to suc…
|
NVD-CWE-Other
|
CVE-2024-4872
|
2024-10-31 00:31 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308337
|
4.3 |
MEDIUM
Network
|
hitachienergy
|
microscada_x_sys600
|
An HTTP parameter may contain a URL value and could cause
the web application to redirect the request to the specified URL.
By modifying the URL value to a malicious site, an attacker may
successfull…
|
CWE-601
Open Redirect
|
CVE-2024-7941
|
2024-10-31 00:29 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308338
|
7.2 |
HIGH
Network
|
anujkumar
|
medical_card_generation_system
|
A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/card-bwdate…
|
CWE-89
SQL Injection
|
CVE-2024-10296
|
2024-10-31 00:13 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308339
|
7.5 |
HIGH
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
tcp: fix mptcp DSS corruption due to large pmtu xmit
Syzkaller was able to trigger a DSS corruption:
TCP: request_sock_subflow…
|
NVD-CWE-noinfo
|
CVE-2024-50083
|
2024-10-31 00:07 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308340
|
7.5 |
HIGH
Network
|
zzcms
|
zzcms
|
A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosu…
|
NVD-CWE-noinfo
|
CVE-2024-10290
|
2024-10-31 00:06 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
