Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-25 | CVE-2022-30358 | Incorrect Authorization vulnerability in Ovaledge: OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. | 8.8 |
2024-10-25 | CVE-2022-30359 | Insecure Storage of Sensitive Information vulnerability in Ovaledge: OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. | 4.3 |
2024-10-25 | CVE-2022-30360 | Cross-site Scripting vulnerability in Ovaledge: OvalEdge 5.2.8.0 and earlier is affected by multiple Stored XSS (AKA Persistent or Type II) vulnerabilities via a POST request to /profile/updateProfile via the slackid or phone parameters. | 6.4 |
2024-10-25 | CVE-2022-30361 | Insecure Storage of Sensitive Information vulnerability in Ovaledge: OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserType. | 5.3 |
2024-10-25 | CVE-2024-10386 | Unspecified vulnerability in Rockwellautomation Thinmanager: An authentication vulnerability exists in the affected product. | 9.8 |
2024-10-25 | CVE-2024-10387 | Unspecified vulnerability in Rockwellautomation Thinmanager: A Denial-of-Service vulnerability exists in the affected product. | 7.5 |
2024-10-25 | CVE-2024-48428 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Olivegroup Olivevle: An issue in Olive VLE allows an attacker to obtain sensitive information via the reset password function. | 9.8 |
2024-10-25 | CVE-2024-49381 | Path Traversal vulnerability in Plenti: Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. | 7.5 |
2024-10-25 | CVE-2024-10380 | SQL Injection vulnerability in Mayurik Petrol Pump Management 1.0: A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. | 7.5 |
2024-10-25 | CVE-2024-10381 | Unspecified vulnerability in Matrixcomsec Cosec Vega Faxq Firmware: This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. | 9.8 |