Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-14 CVE-2024-48909 Unspecified vulnerability in Authzed Spicedb
SpiceDB is an open source database for scalably storing and querying fine-grained authorization data.
network
low complexity
authzed
2.4
2.4
2024-10-14 CVE-2024-48911 Incorrect Authorization vulnerability in Thinkst Opencanary
OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file.
local
low complexity
thinkst CWE-863
7.8
7.8
2024-10-14 CVE-2024-6207 Unspecified vulnerability in Rockwellautomation products
CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html  and send a specially crafted CIP message to the device.
network
low complexity
rockwellautomation
7.5
7.5
2024-10-14 CVE-2024-46980 Cross-site Scripting vulnerability in Enalean Tuleap
Tuleap is a tool for end to end traceability of application and system developments.
network
low complexity
enalean CWE-79
4.8
4.8
2024-10-14 CVE-2024-46988 Improper Handling of Exceptional Conditions vulnerability in Enalean Tuleap
Tuleap is a tool for end to end traceability of application and system developments.
network
low complexity
enalean CWE-755
5.7
5.7
2024-10-14 CVE-2024-47766 Improper Handling of Exceptional Conditions vulnerability in Enalean Tuleap
Tuleap is a tool for end to end traceability of application and system developments.
network
low complexity
enalean CWE-755
4.9
4.9
2024-10-14 CVE-2024-47767 Improper Handling of Exceptional Conditions vulnerability in Enalean Tuleap
Tuleap is a tool for end to end traceability of application and system developments.
network
low complexity
enalean CWE-755
4.3
4.3
2024-10-14 CVE-2024-47826 Code Injection vulnerability in Elabftw
eLabFTW is an open source electronic lab notebook for research labs.
network
low complexity
elabftw CWE-94
6.1
6.1
2024-10-14 CVE-2024-47831 Uncontrolled Recursion vulnerability in Vercel Next.Js
Next.js is a React Framework for the Web.
network
low complexity
vercel CWE-674
7.5
7.5
2024-10-14 CVE-2024-45731 Path Traversal vulnerability in Splunk
In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive.
network
low complexity
splunk CWE-22
8.0
8.0