Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-23 CVE-2024-49675 Unspecified vulnerability in Vitaliibryl Switch User
Authentication Bypass Using an Alternate Path or Channel vulnerability in Vitalii Bryl iBryl Switch User allows Authentication Bypass. This issue affects iBryl Switch User: from n/a through 1.0.1.
network
low complexity
vitaliibryl
8.8
2024-10-23 CVE-2024-5764 Use of Hard-coded Credentials vulnerability in Sonatype Nexus
Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database (SMTP or HTTP proxy credentials, user tokens, tokens, among others).
network
low complexity
sonatype CWE-798
6.5
2024-10-23 CVE-2024-10250 Cross-site Scripting vulnerability in Steelthemes Nioland
The Nioland theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping.
network
low complexity
steelthemes CWE-79
6.1
2024-10-23 CVE-2024-10280 NULL Pointer Dereference vulnerability in Tenda products
A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022.
network
low complexity
tenda CWE-476
7.5
2024-10-23 CVE-2024-10281 Out-of-bounds Write vulnerability in Tenda RX9 PRO Firmware 22.03.02.10/22.03.02.20
A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20.
network
low complexity
tenda CWE-787
8.8
2024-10-23 CVE-2024-10278 SQL Injection vulnerability in Esafenet CDG 5
A vulnerability was found in ESAFENET CDG 5.
network
low complexity
esafenet CWE-89
critical
9.8
2024-10-23 CVE-2024-10279 SQL Injection vulnerability in Esafenet CDG 5
A vulnerability was found in ESAFENET CDG 5.
network
low complexity
esafenet CWE-89
critical
9.8
2024-10-23 CVE-2024-10277 SQL Injection vulnerability in Esafenet CDG 5
A vulnerability was found in ESAFENET CDG 5 and classified as critical.
network
low complexity
esafenet CWE-89
critical
9.8
2024-10-23 CVE-2024-10286 Cross-site Scripting vulnerability in Ujangrohidin Localserver 1.0.9
Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /testmail/index.php, parameter to.
network
low complexity
ujangrohidin CWE-79
6.1
2024-10-23 CVE-2024-10287 Cross-site Scripting vulnerability in Ujangrohidin Localserver 1.0.9
Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ForgotPassword, parameter ListName.
network
low complexity
ujangrohidin CWE-79
6.1