9.1

CVSS3.1

CVE-2024-46942 -

In OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment.

πŸ“… Published: Sept. 15, 2024, midnight πŸ”„ Last Modified: March 14, 2025, 7:15 p.m.

9.1

CVSS3.1

CVE-2024-46943 -

An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information.

πŸ“… Published: Sept. 15, 2024, midnight πŸ”„ Last Modified: March 14, 2025, 7:15 p.m.

9.8

CVSS3.1

CVE-2024-46918 -

app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org.

πŸ“… Published: Sept. 15, 2024, midnight πŸ”„ Last Modified: March 13, 2025, 3:15 p.m.

7.5

CVSS3.1

CVE-2024-46938 -

An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.

πŸ“… Published: Sept. 15, 2024, midnight πŸ”„ Last Modified: Sept. 20, 2024, 6:15 p.m.

0.0

CVE-2024-46915 -

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

πŸ“… Published: Sept. 15, 2024, midnight πŸ”„ Last Modified: April 16, 2025, 1:15 p.m.

0.0

CVE-2024-46914 -

DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

πŸ“… Published: Sept. 15, 2024, midnight πŸ”„ Last Modified: Oct. 22, 2024, 10:15 p.m.

5.3

CVSS4.0

CVE-2024-8863 - aimhubio aim Text Explorer textbox.tsx dangerouslySetInnerHTML cross site scripting

A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site scripting. It is possible to launch the att…

πŸ“… Published: Sept. 14, 2024, 11 p.m. πŸ”„ Last Modified: Sept. 20, 2024, 3:43 p.m.

6.9

CVSS4.0

CVE-2024-8862 - h2oai h2o-3 JDBC Connection 1 getConnectionSafe deserialization

A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query leads to deserialization. The attack may be i…

πŸ“… Published: Sept. 14, 2024, 7:31 p.m. πŸ”„ Last Modified: Sept. 20, 2024, 3:47 p.m.

8.8

CVSS3.1

CVE-2024-6482 - Login with phone number <= 1.7.49 - Authenticated (Subscriber+) Authorization Bypass to Privilege E…

The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the 'lwp_update_password_action' function. This makes it possible for authen…

πŸ“… Published: Sept. 14, 2024, 12:31 p.m. πŸ”„ Last Modified: April 8, 2026, 5:28 p.m.

5.4

CVSS3.1

CVE-2023-3410 - Bricks <= 1.10.1 - Authenticated (Bricks Page Builder Access+) Stored Cross-Site Scripting

The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the β€˜customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to the Bricks Builder (admin…

πŸ“… Published: Sept. 14, 2024, 8:37 a.m. πŸ”„ Last Modified: April 8, 2026, 5:18 p.m.
Total resulsts: 349182
Page 8564 of 34,919
Β« previous page Β» next page
Filters