6.1
CVE-2024-8646 - Eclipse Glassfish: URL redirection vulnerability to untrusted sites
In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the ro…
9.8
CVE-2024-6091 - Shell Command Denylist Bypass in significant-gravitas/autogpt
A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as 'whoami' and '/bin/whoami'. An attacker can circumvent this restriction by executing …
9.3
CVE-2024-45790 - User Enumeration vulnerability
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API-based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user passwords, which could lead to ga…
6.9
CVE-2024-45789 - Parameter Tampering Vulnerability
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the "mode" parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating the parameter in the API request body on the vulnerab…
8.7
CVE-2024-45788 - No Rate Limiting Vulnerability
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through vulnerable API endpoints, which could lead to the OTP bombing/fl…
8.7
CVE-2024-45787 - Information Disclosure Vulnerability
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through the API request URL and intercepting the response of the API …
8.7
CVE-2024-45786 - Improper Authorization Vulnerability
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on certain of its API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through the API request URL, which could lead to gaining unauthorized access to sensitive in…
9.2
CVE-2024-7609 - Directory Traversal in Vidco Software's VOC TESTER
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vidco Software VOC TESTER allows Path Traversal. This issue affects VOC TESTER: before 12.34.8.
5.4
CVE-2024-5416 - Elementor Website Builder – More than Just a Page Builder <= 3.23.4 - Authenticated (Contributor+) …
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter of multiple widgets in all versions up to, and including, 3.23.4 due to insufficient input sanitization and output escaping on user supplied attribut…
7.1
CVE-2024-45327 -
An improper authorization vulnerability [CWE-285] in the FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users' and administrators' passwords via crafted HTT…