|
313621
|
7.8 |
HIGH
Local
|
br-automation
|
industrial_automation_aprol
|
An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges.
|
CWE-426
Untrusted Search Path
|
CVE-2024-5623
|
2024-09-14 05:19 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313622
|
8.8 |
HIGH
Network
|
portabilis
|
i-educar
|
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 b…
|
CWE-89
SQL Injection
|
CVE-2024-45059
|
2024-09-14 05:09 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313623
|
8.1 |
HIGH
Network
|
portabilis
|
i-educar
|
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Prior to the 2.9 branch, an attacker with only minimal vie…
|
CWE-862
Missing Authorization
|
CVE-2024-45058
|
2024-09-14 05:06 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313624
|
6.1 |
MEDIUM
Network
|
portabilis
|
i-educar
|
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting (XSS) vulnerability was i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45057
|
2024-09-14 05:03 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313625
|
7.5 |
HIGH
Network
|
huawei
|
harmonyos
emui
|
Vulnerability of permission verification for APIs in the DownloadProviderMain module
Impact: Successful exploitation of this vulnerability will affect availability.
|
NVD-CWE-noinfo
|
CVE-2024-45442
|
2024-09-14 05:00 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313626
|
5.4 |
MEDIUM
Network
|
squaredup
|
squaredup_ds_for_scom
|
SquaredUp DS for SCOM 6.2.1.11104 allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2024-45180
|
2024-09-14 04:55 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313627
|
8.1 |
HIGH
Network
|
idec
|
windo\/i-nv4
windldr
|
Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user cre…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-41716
|
2024-09-14 04:53 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313628
|
4.3 |
MEDIUM
Network
|
audiobookshelf
|
audiobookshelf
|
audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries (or access only the ones they have permission to). However, the `LibraryController` i…
|
CWE-22
Path Traversal
|
CVE-2024-43797
|
2024-09-14 04:49 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313629
|
9.8 |
CRITICAL
Network
|
zyxel
|
nwa110ax_firmware
nwa1123-ac_pro_firmware
nwa1123acv3_firmware
nwa130be_firmware
nwa210ax_firmware
nwa220ax-6e_firmware
nwa50ax_firmware
nwa50ax_pro_firmware
nwa55axe_firmware…
|
The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4)
and e…
|
CWE-78
OS Command
|
CVE-2024-7261
|
2024-09-14 04:39 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313630
|
9.8 |
CRITICAL
Network
|
cisco
|
smart_license_utility
|
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential.
This vulnerability is …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-20439
|
2024-09-14 04:35 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
