Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-23 | CVE-2024-49675 | Unspecified vulnerability in Vitaliibryl Switch User Authentication Bypass Using an Alternate Path or Channel vulnerability in Vitalii Bryl iBryl Switch User allows Authentication Bypass.This issue affects iBryl Switch User: from n/a through 1.0.1. | 8.8 |
2024-10-23 | CVE-2024-5764 | Use of Hard-coded Credentials vulnerability in Sonatype Nexus Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database (SMTP or HTTP proxy credentials, user tokens, tokens, among others). | 6.5 |
2024-10-23 | CVE-2024-10250 | Cross-site Scripting vulnerability in Steelthemes Nioland The Nioland theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. | 6.1 |
2024-10-23 | CVE-2024-10280 | NULL Pointer Dereference vulnerability in Tenda products A vulnerability was found in Tenda AC6, AC7, AC8, AC9, AC10, AC10U, AC15, AC18, AC500 and AC1206 up to 20241022. | 7.5 |
2024-10-23 | CVE-2024-10281 | Out-of-bounds Write vulnerability in Tenda RX9 PRO Firmware 22.03.02.10/22.03.02.20 A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. | 8.8 |
2024-10-23 | CVE-2024-10278 | SQL Injection vulnerability in Esafenet CDG 5 A vulnerability was found in ESAFENET CDG 5. | 9.8 |
2024-10-23 | CVE-2024-10279 | SQL Injection vulnerability in Esafenet CDG 5 A vulnerability was found in ESAFENET CDG 5. | 9.8 |
2024-10-23 | CVE-2024-10277 | SQL Injection vulnerability in Esafenet CDG 5 A vulnerability was found in ESAFENET CDG 5 and classified as critical. | 9.8 |
2024-10-23 | CVE-2024-10286 | Cross-site Scripting vulnerability in Ujangrohidin Localserver 1.0.9 Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /testmail/index.php, parameter to. | 6.1 |
2024-10-23 | CVE-2024-10287 | Cross-site Scripting vulnerability in Ujangrohidin Localserver 1.0.9 Cross-Site Scripting (XSS) vulnerability affecting LocalServer 1.0.9 that could allow a remote user to send a specially crafted query to an authenticated user and steal their session details through /mlss/ForgotPassword, parameter ListName. | 6.1 |