|
309501
|
- |
|
-
|
-
|
HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors.
|
-
|
CVE-2024-30132
|
2024-10-30 06:35 |
2024-10-1 |
|
|
|
|
309502
|
5.5 |
MEDIUM
Local
|
wibu
|
wibukey
|
An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v6.70. An improper bounds check allows specially crafted packets to cause an arbitrary address read, resulti…
|
CWE-125
Out-of-bounds Read
|
CVE-2024-45182
|
2024-10-30 06:35 |
2024-09-13 |
|
|
|
|
309503
|
8.8 |
HIGH
Network
|
italtel
|
embrace
|
An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser…
|
NVD-CWE-noinfo
|
CVE-2024-31842
|
2024-10-30 06:35 |
2024-08-21 |
|
|
|
|
309504
|
- |
|
-
|
-
|
Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of the web dashboard. NOTE: the supplier reportedly does "not consider the bug a security issu…
|
-
|
CVE-2024-44069
|
2024-10-30 06:35 |
2024-08-19 |
|
|
|
|
309505
|
5.4 |
MEDIUM
Network
|
mecodia
|
feripro
|
Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm/<program_id>/zuordnung/veranstaltungen/<event_id>" through the "school" input field.
|
CWE-79
Cross-site Scripting
|
CVE-2024-41519
|
2024-10-30 06:35 |
2024-08-3 |
|
|
|
|
309506
|
5.3 |
MEDIUM
Network
|
litestream
|
litestream
|
An issue was discovered in litestream v0.3.13. The use of ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-th…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2024-41254
|
2024-10-30 06:35 |
2024-08-1 |
|
|
|
|
309507
|
4.3 |
MEDIUM
Network
|
agnai
|
agnai
|
Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chos…
|
CWE-22
Path Traversal
|
CVE-2024-47170
|
2024-10-30 05:59 |
2024-09-27 |
|
|
|
|
309508
|
5.4 |
MEDIUM
Network
|
x2engine
|
x2crm
|
X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list.
|
CWE-79
Cross-site Scripting
|
CVE-2024-48120
|
2024-10-30 05:57 |
2024-10-14 |
|
|
|
|
309509
|
7.2 |
HIGH
Network
|
mayurik
|
petrol_pump_management
|
A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_f…
|
CWE-89
SQL Injection
|
CVE-2024-10406
|
2024-10-30 05:48 |
2024-10-27 |
|
|
|
|
309510
|
7.2 |
HIGH
Network
|
mayurik
|
petrol_pump_management
|
A vulnerability, which was classified as critical, was found in SourceCodester Petrol Pump Management Software 1.0. This affects an unknown part of the file /admin/edit_customer.php. The manipulation…
|
CWE-89
SQL Injection
|
CVE-2024-10407
|
2024-10-30 05:47 |
2024-10-27 |
|
|
|