6.6
CVE-2024-53845 - AES/CBC Constant IV Vulnerability in ESPTouch v2
ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV (Initialization Vector) prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. The IV is set to zero and remains constant throuβ¦
5.3
CVE-2024-12490 - code-projects Online Class and Exam Scheduling System teacher_save.php sql injection
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /pages/teacher_save.php. The manipulation of the argument salut leads to sql injection. The attack can be initiated remotely.β¦
2
CVE-2024-53274 - GHSL-2024-111: Reflected XSS in /home in habitica
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `home.vue` containsa reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` paramβ¦
5
CVE-2024-53273 - GHSL-2024-110: Reflected XSS in /register in habitica
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `RegisterLoginReset.vue` contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious `reβ¦
5
CVE-2024-53272 - GHSL-2024-109: Reflected XSS in /login in habitica
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `login` and `social media` function in `RegisterLoginReset.vue` contains two reflected XSS vulnerabilities due to an incorrect sanitization function. An attacker can speβ¦
8.1
CVE-2024-45404 - OpenCTI's lack of Rate Limit lead to OTP brute forcing
OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attacker with valid credentials or a malicious user who commits internal fraud can break through the two-factor authentication and hijack the accoβ¦
5.3
CVE-2024-12489 - code-projects Online Class and Exam Scheduling System term.php sql injection
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/term.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploβ¦
7.8
CVE-2024-11872 - Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability
Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. An attacker must first obtain the ability to execute low-privileged code on the target systeβ¦
8.8
CVE-2024-11949 - GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability. The specific flaw exists withiβ¦
9.8
CVE-2024-11948 - GFI Archiver Telerik Web UI Remote Code Execution Vulnerability
GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the product installer. The β¦