Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-06 CVE-2024-10318 Session Fixation vulnerability in F5 products
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time.
network
low complexity
f5 CWE-384
5.4
2024-11-06 CVE-2024-20525 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.
network
low complexity
cisco CWE-79
6.1
2024-11-06 CVE-2024-20530 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.
network
low complexity
cisco CWE-79
6.1
2024-11-06 CVE-2024-20531 Server-Side Request Forgery (SSRF) vulnerability in Cisco Identity Services Engine
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device.
network
low complexity
cisco CWE-918
6.5
2024-11-06 CVE-2024-20537 Incorrect Authorization vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator permissions.
network
low complexity
cisco CWE-863
6.5
2024-11-06 CVE-2024-20538 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input.
network
low complexity
cisco CWE-79
6.1
2024-11-06 CVE-2024-20539 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input.
network
low complexity
cisco CWE-79
4.8
2024-11-06 CVE-2024-10919 OS Command Injection vulnerability in Didi Super-Jacoco 1.0
A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical.
network
low complexity
didi CWE-78
critical
9.8
2024-11-06 CVE-2024-10920 Use of Hard-coded Credentials vulnerability in Mariazevedo88 Travels-Java-Api
A vulnerability was found in mariazevedo88 travels-java-api up to 5.0.1 and classified as problematic.
network
high complexity
mariazevedo88 CWE-798
3.7
2024-11-06 CVE-2024-10916 Unspecified vulnerability in Dlink products
A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028.
network
low complexity
dlink
5.3