4.3

CVSS3.1

CVE-2024-45125 - Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this iss…

📅 Published: Oct. 10, 2024, 9:57 a.m. 🔄 Last Modified: Oct. 11, 2024, 10:05 p.m.

4.9

CVSS3.1

CVE-2024-9623 - Incorrect Authorization in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository.

📅 Published: Oct. 10, 2024, 9:30 a.m. 🔄 Last Modified: Oct. 16, 2024, 4:59 p.m.

6

CVSS3.1

CVE-2024-22068 - Weak Password Vulnerability in ZTE ZSR V2 Intelligent Multi Service Router

Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 series on 64 bit allows Functionality Bypass. This issue affects ZXR10 1800-2S series, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 series: V4.00.10 and earlier.

📅 Published: Oct. 10, 2024, 8:51 a.m. 🔄 Last Modified: Feb. 7, 2025, 3:32 p.m.

5.3

CVSS3.1

CVE-2024-6747 - Information leak in mknotifyd

Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows an attacker to get potentially sensitive data.

📅 Published: Oct. 10, 2024, 7:43 a.m. 🔄 Last Modified: Oct. 15, 2024, 1:22 p.m.

5.3

CVSS3.1

CVE-2024-9802 - Conformance validation endpoint discloses detail about service to unauthenticated users

The conformance validation endpoint is public, so anybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints and swagger. It could reveal the running version of a service to an attacker. The atta…

📅 Published: Oct. 10, 2024, 7:41 a.m. 🔄 Last Modified: Dec. 19, 2024, 5 p.m.

5.9

CVSS3.1

CVE-2024-9796 - WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection

The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.

📅 Published: Oct. 10, 2024, 7:38 a.m. 🔄 Last Modified: Oct. 15, 2024, 6:46 p.m.

5.3

CVSS3.1

CVE-2024-9798 - Health endpoint offers list of onboarded services to unauthenticated users

The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers.

📅 Published: Oct. 10, 2024, 7:29 a.m. 🔄 Last Modified: Dec. 19, 2024, 5 p.m.

5.4

CVSS3.1

CVE-2024-7049 - Exposure of Token in open-webui/open-webui

In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmation, bypassing the intended approval process.

📅 Published: Oct. 10, 2024, 7:15 a.m. 🔄 Last Modified: Oct. 17, 2024, 2:22 p.m.

7.8

CVSS3.1

CVE-2024-9781 - Improper Handling of Missing Values in Wireshark

AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file.

📅 Published: Oct. 10, 2024, 6:30 a.m. 🔄 Last Modified: March 27, 2026, 1:56 p.m.

7.8

CVSS3.1

CVE-2024-9780 - Missing Initialization of a Variable in Wireshark

ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file.

📅 Published: Oct. 10, 2024, 6:30 a.m. 🔄 Last Modified: March 27, 2026, 1:56 p.m.