|
308901
|
6.1 |
MEDIUM
Network
|
cysoft168
|
super_easy_enterprise_management_system
|
Cross Site Scripting vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /WebSet/DlgGridSet.html …
|
CWE-79
Cross-site Scripting
|
CVE-2024-42678
|
2024-11-19 03:15 |
2024-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308902
|
7.2 |
HIGH
Network
|
ivanti
|
endpoint_manager
|
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code …
|
CWE-89
SQL Injection
|
CVE-2024-50328
|
2024-11-19 03:08 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308903
|
8.8 |
HIGH
Network
|
ivanti
|
endpoint_manager
|
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User int…
|
CWE-22
Path Traversal
|
CVE-2024-50329
|
2024-11-19 03:07 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308904
|
7.8 |
HIGH
Local
|
adobe
|
photoshop
|
Photoshop Desktop versions 24.7.3, 25.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the curren…
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2024-49514
|
2024-11-19 03:06 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308905
|
6.5 |
MEDIUM
Network
|
progress
|
telerik_document_processing_libraries
|
In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use o…
|
NVD-CWE-noinfo
|
CVE-2024-8049
|
2024-11-19 02:46 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308906
|
6.2 |
MEDIUM
Local
|
progress
|
telerik_report_server
|
In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this informat…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-7295
|
2024-11-19 02:41 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308907
|
- |
|
-
|
-
|
A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to recover service account passwords that are saved on an affected syste…
|
CWE-200
Information Exposure
|
CVE-2020-3525
|
2024-11-19 02:35 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308908
|
- |
|
-
|
-
|
Holy Stone Remote ID Module HSRID01, firmware distributed with the Drone Go2 mobile application before 1.1.8, allows unauthenticated "remote power off" actions (in broadcast mode) via multiple read o…
|
-
|
CVE-2024-52876
|
2024-11-19 02:35 |
2024-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308909
|
9.0 |
CRITICAL
Network
|
xwiki
|
pdf_viewer_macro
|
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact…
|
CWE-79
Cross-site Scripting
|
CVE-2024-52300
|
2024-11-19 02:29 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308910
|
7.5 |
HIGH
Network
|
xwiki
|
pdf_viewer_macro
|
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki as the "key" that is passed to pr…
|
NVD-CWE-noinfo
|
CVE-2024-52299
|
2024-11-19 02:29 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
