|
310931
|
8.8 |
HIGH
Network
|
filemanagerpro
|
file_manager
|
The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. This is due to missing or incorrect nonce validation on the 'mk_file…
|
CWE-352
Origin Validation Error
|
CVE-2024-8507
|
2024-10-18 03:20 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310932
|
7.8 |
HIGH
Local
|
microsoft
|
windows_11_24h2
|
Windows Kernel Elevation of Privilege Vulnerability
|
NVD-CWE-noinfo
|
CVE-2024-43527
|
2024-10-18 03:18 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310933
|
7.8 |
HIGH
Local
|
microsoft
|
office
365_apps
office_long_term_servicing_channel
|
Microsoft Office Visio Remote Code Execution Vulnerability
|
NVD-CWE-noinfo
|
CVE-2024-43505
|
2024-10-18 03:16 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310934
|
5.9 |
MEDIUM
Network
|
-
|
-
|
An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2024-47491
|
2024-10-18 03:15 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310935
|
6.5 |
MEDIUM
Adjacent
|
gotenna
|
gotenna_pro
|
The goTenna Pro App allows unauthenticated attackers to remotely update
the local public keys used for P2P and group messages. It is advised to
update your app to the current release for enhanced e…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-47130
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310936
|
4.3 |
MEDIUM
Adjacent
|
gotenna
|
gotenna_pro
|
The goTenna Pro App does not inject extra characters into broadcasted
frames to obfuscate the length of messages. This makes it possible to
tell the length of the payload regardless of the encrypti…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2024-47129
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310937
|
4.3 |
MEDIUM
Adjacent
|
gotenna
|
gotenna_pro
|
The goTenna Pro App encryption key name is always sent unencrypted when
the key is shared over RF through a broadcast message. It is advised to
share the encryption key via local QR for higher secu…
|
NVD-CWE-noinfo
|
CVE-2024-47128
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310938
|
3.1 |
LOW
Adjacent
|
gotenna
|
gotenna_pro
|
In the goTenna Pro App there is a vulnerability that makes it possible
to inject any custom message with any GID and Callsign using a software
defined radio in existing goTenna mesh networks. This …
|
CWE-287
Improper Authentication
|
CVE-2024-47127
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310939
|
8.8 |
HIGH
Adjacent
|
gotenna
|
gotenna_pro
|
The goTenna Pro App does not use SecureRandom when generating passwords
for sharing cryptographic keys. The random function in use makes it
easier for attackers to brute force this password if the …
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2024-47126
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310940
|
5.4 |
MEDIUM
Adjacent
|
gotenna
|
gotenna_pro
|
The goTenna Pro App does not authenticate public keys which allows an
unauthenticated attacker to manipulate messages. It is advised to update
your app to the current release for enhanced encryptio…
|
CWE-287
Improper Authentication
|
CVE-2024-47125
|
2024-10-18 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
