Page(s) : 1 2 3 4 5 6 [7] 8 9 10 11 12 13 14 15 16 17 ... | Result(s) : 39741 |
Alerts
DATE | NAME | CATEGORIES | DETAIL | |
---|---|---|---|---|
9.8 | 2024-02-09 | CVE-2024-25674 | cve | An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type. |
9.8 | 2024-02-09 | CVE-2024-25675 | cve | An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php an... |
9.8 | 2024-02-09 | CVE-2024-25678 | cve | In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled. |
9.8 | 2024-02-09 | CVE-2024-1353 | cve | A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.p... |
9.1 | 2024-02-09 | CVE-2023-43609 | cve | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-o... |
9.8 | 2024-02-09 | CVE-2023-46687 | cve | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote compu... |
9.8 | 2024-02-09 | CVE-2023-49716 | cve | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer. |
9.8 | 2024-02-08 | CVE-2023-47132 | cve | An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls. |
9.8 | 2024-02-08 | CVE-2024-0242 | cve | Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings. |
9.8 | 2024-02-08 | CVE-2024-22836 | cve | An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on ... |
9.8 | 2024-02-08 | CVE-2024-24495 | cve | SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request. |
9.8 | 2024-02-08 | CVE-2024-24496 | cve | An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components. |
9.8 | 2024-02-08 | CVE-2023-40266 | cve | An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal. |
9.8 | 2024-02-08 | CVE-2024-24393 | cve | File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request. |
9.8 | 2024-02-08 | CVE-2023-42282 | cve | The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic. |
9.8 | 2024-02-08 | CVE-2024-25189 | cve | libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. |
9.8 | 2024-02-08 | CVE-2024-25190 | cve | l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. |
9.8 | 2024-02-08 | CVE-2024-25191 | cve | php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. |
9.8 | 2024-02-08 | CVE-2023-50061 | cve | PrestaShop Op'art Easy Redirect >= 1.3.8 and |
9.8 | 2024-02-08 | CVE-2024-24213 | cve | Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. NOTE: the vendor's position is that this is an i... |
Page(s) : 1 2 3 4 5 6 [7] 8 9 10 11 12 13 14 15 16 17 ... | Result(s) : 39741 |