4.6
CVE-2024-8660 - Stored XSS in the "Top Navigator Bar" block
Concrete CMS versions 9.0.0 through 9.3.3 are affected by a stored XSS vulnerability in the "Top Navigator Bar" block. Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue administrator could add a malicious payload that could be executed when targeted users visited the home…
10
CVE-2024-45798 - Multiple Poisoned Pipeline Execution (PPE) vulnerabilities
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution (PPE) vulnerabilities. Code injection in `tests_results.yml` workflow (`GHSL-2024-169`) and environment …
5.3
CVE-2024-8945 - CodeCanyon RISE Ultimate Project Manager save sql injection
A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. This vulnerability affects unknown code of the file /index.php/dashboard/save. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit h…
6.9
CVE-2024-8944 - code-projects Hospital Management System check_availability.php sql injection
A vulnerability, which was classified as critical, was found in code-projects Hospital Management System 1.0. This affects an unknown part of the file check_availability.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit h…
7.2
CVE-2024-42503 - Authenticated Remote Command Execution (RCE) Vulnerability in the Lua Package Within the AOS Comman…
An authenticated command execution vulnerability exists in the ArubaOS command line interface (CLI). Successful exploitation of this vulnerability results in the ability to run arbitrary commands as a privileged user on the underlying operating system.
5.5
CVE-2024-38380 - Millbeck Communications Proroute H685t-w Cross-site Scripting.
This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session.
7.2
CVE-2024-42502 - Authenticated Remote Command Execution (RCE) Vulnerability in the AOS Command Line Interface
An authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in the ability to inject shell commands on the underlying operating system.
7.2
CVE-2024-42501 - Authenticated Path Traversal Vulnerability Leads to a Remote Command Execution (RCE)
An authenticated Path Traversal vulnerability exists in ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants.
8.8
CVE-2024-45682 - Millbeck Communications Proroute H685t-w Command Injection.
There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system.
7.5
CVE-2024-38813 - Privilege escalation vulnerability
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.