Page(s) : 1 ... 58 59 60 61 62 63 64 65 66 67 [68] 69 70 71 72 73 74 75 76 77 78 ... | Result(s) : 39724 |
Alerts
SCORE | DATE | NAME | CATEGORIES | DETAIL |
---|---|---|---|---|
9.8 | 2023-11-21 | CVE-2023-48699 | cve | fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.i... |
9.8 | 2023-11-21 | CVE-2023-48228 | cve | authentik is an open-source identity provider. When initialising a oauth2 flow with a `code_challenge` and `code_method` (thus requesting PKCE), the single sign-on provider (aut... |
9.8 | 2023-11-21 | CVE-2023-48230 | cve | Cap'n Proto is a data interchange format and capability-based RPC system. In versions 1.0 and 1.0.1, when using the KJ HTTP library with WebSocket compression enabled, a bu... |
9.8 | 2023-11-21 | CVE-2023-49105 | cve | An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known,... |
9.8 | 2023-11-21 | CVE-2023-6248 | cve | The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 dev... |
9.8 | 2023-11-21 | CVE-2023-49060 | cve | An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. This vulnerability affects Firefox for... |
9.8 | 2023-11-21 | CVE-2023-5055 | cve | Possible variant of CVE-2021-3434 in function le_ecred_reconf_req. |
9.8 | 2023-11-21 | CVE-2023-4149 | cve | A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Those commands are execut... |
9.8 | 2023-11-21 | CVE-2023-42770 | cve | Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same mess... |
9.8 | 2023-11-21 | CVE-2023-40151 | cve | When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enable... |
9.8 | 2023-11-20 | CVE-2023-38880 | cve | The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a d... |
9.8 | 2023-11-20 | CVE-2023-5340 | cve | The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user input via an AJAX action available to unauthenticated users, allowing them to pe... |
9.8 | 2023-11-20 | CVE-2023-5640 | cve | The Article Analytics WordPress plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users... |
9.8 | 2023-11-20 | CVE-2023-5652 | cve | The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a fun... |
9.8 | 2023-11-20 | CVE-2023-38823 | cve | Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd. |
9.8 | 2023-11-20 | CVE-2023-46990 | cve | Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function. |
9.8 | 2023-11-20 | CVE-2023-48176 | cve | An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via crafted jwt (JSON web token). |
9.8 | 2023-11-20 | CVE-2023-29155 | cve | Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. This could allow an attacker to obtain ad... |
9.8 | 2023-11-20 | CVE-2023-35762 | cve | Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system (OS) command injection, which could allow remote code execution. |
9.8 | 2023-11-20 | CVE-2022-46337 | cve | A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk De... |