|
309461
|
8.2 |
HIGH
Local
|
hitachienergy
|
microscada_x_sys600
|
An attacker with local access to machine where MicroSCADA X
SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already establish…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2024-3982
|
2024-10-31 00:32 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309462
|
8.8 |
HIGH
Network
|
hitachienergy
|
microscada_x_sys600
microscada_pro_sys600
|
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to suc…
|
NVD-CWE-Other
|
CVE-2024-4872
|
2024-10-31 00:31 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309463
|
4.3 |
MEDIUM
Network
|
hitachienergy
|
microscada_x_sys600
|
An HTTP parameter may contain a URL value and could cause
the web application to redirect the request to the specified URL.
By modifying the URL value to a malicious site, an attacker may
successfull…
|
CWE-601
Open Redirect
|
CVE-2024-7941
|
2024-10-31 00:29 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309464
|
7.2 |
HIGH
Network
|
anujkumar
|
medical_card_generation_system
|
A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/card-bwdate…
|
CWE-89
SQL Injection
|
CVE-2024-10296
|
2024-10-31 00:13 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309465
|
7.5 |
HIGH
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
tcp: fix mptcp DSS corruption due to large pmtu xmit
Syzkaller was able to trigger a DSS corruption:
TCP: request_sock_subflow…
|
NVD-CWE-noinfo
|
CVE-2024-50083
|
2024-10-31 00:07 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309466
|
7.5 |
HIGH
Network
|
zzcms
|
zzcms
|
A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosu…
|
NVD-CWE-noinfo
|
CVE-2024-10290
|
2024-10-31 00:06 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309467
|
8.8 |
HIGH
Network
|
liferay
|
digital_experience_platform
liferay_portal
|
Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 up…
|
CWE-352
Origin Validation Error
|
CVE-2024-26271
|
2024-10-31 00:04 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309468
|
8.8 |
HIGH
Network
|
liferay
|
digital_experience_platform
liferay_portal
|
Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA …
|
CWE-352
Origin Validation Error
|
CVE-2024-26273
|
2024-10-31 00:03 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309469
|
8.8 |
HIGH
Network
|
liferay
|
digital_experience_platform
liferay_portal
|
Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA …
|
CWE-352
Origin Validation Error
|
CVE-2024-26272
|
2024-10-31 00:03 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309470
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()
Commit a3c1e45156ad ("net: microchip: vcap: Fix use-aft…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2024-50084
|
2024-10-30 23:56 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
