Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-09-27 CVE-2024-9293 SQL Injection vulnerability in Skyselang Yyladmin
A vulnerability classified as critical was found in skyselang yylAdmin up to 3.0.
network
low complexity
skyselang CWE-89
8.8
8.8
2024-09-27 CVE-2024-25412 Cross-site Scripting vulnerability in Flatpress
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field.
network
low complexity
flatpress CWE-79
6.1
6.1
2024-09-27 CVE-2024-28948 Cross-Site Request Forgery (CSRF) vulnerability in Advantech Adam-5630 Firmware
Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability.
network
low complexity
advantech CWE-352
8.8
8.8
2024-09-27 CVE-2024-34542 Insufficiently Protected Credentials vulnerability in Advantech Adam-5630 Firmware
Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process.
low complexity
advantech CWE-522
5.7
5.7
2024-09-27 CVE-2024-37187 Insufficiently Protected Credentials vulnerability in Advantech Adam-5550 Firmware
Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding.
low complexity
advantech CWE-522
5.7
5.7
2024-09-27 CVE-2024-38308 Cross-site Scripting vulnerability in Advantech Adam 5550-Firmware
Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests received are displayed to the user.
network
low complexity
advantech CWE-79
6.1
6.1
2024-09-27 CVE-2024-39275 Unspecified vulnerability in Advantech Adam-5630 Firmware
Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed.
network
low complexity
advantech
8.8
8.8
2024-09-27 CVE-2024-9301 Path Traversal vulnerability in Netflix E2Nest
A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a
network
low complexity
netflix CWE-22
7.5
7.5
2024-09-27 CVE-2024-8630 SQL Injection vulnerability in Alisonic Sibylla Firmware
Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete access to the database.
network
low complexity
alisonic CWE-89
critical
 9.8
9.8
2024-09-27 CVE-2024-40510 Cross-site Scripting vulnerability in Openpetra 2023.02
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMCommon.asmx function.
network
low complexity
openpetra CWE-79
8.2
8.2