Skip to main content
CVE-2024-46635 MEDIUM This Month

An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-8455 MEDIUM This Month

The swctrl service is used to detect and remotely manage PLANET Technology devices. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Gs 4210 24P2S Firmware Gs 4210 24Pl4C Firmware Igs 5225 4Up1T2S Firmware
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2024-46869 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel_pcie: Allocate memory for driver private data Fix driver not allocating memory for struct btintel_data which is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-47172 MEDIUM PATCH This Month

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Computer Vision Annotation Tool
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-45792 MEDIUM PATCH This Month

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mantisbt
NVD GitHub
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-8459 MEDIUM This Month

Certain switch models from PLANET Technology store SNMPv3 users' passwords in plaintext within the configuration files, allowing remote attackers with administrator privileges to read the file and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gs 4210 24P2S Firmware Gs 4210 24Pl4C Firmware
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-8453 MEDIUM This Month

Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gs 4210 24P2S Firmware Gs 4210 24Pl4C Firmware
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2024-45073 MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Websphere Application Server
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-46475 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard Template v2.0 allows attackers to execute arbitrary code in the context of a user's browser via. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-8457 MEDIUM This Month

Certain switch models from PLANET Technology have a web application that does not properly validate specific parameters, allowing remote authenticated users with administrator privileges to inject. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gs 4210 24P2S Firmware Gs 4210 24Pl4C Firmware
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-9158 MEDIUM This Month

A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

RCE XSS Nessus Network Monitor
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-35495 MEDIUM This Month

An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0 and Tapo P125M 1.0.0 Build 220930 Rel.143947 allows attackers to observe device state via observing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-6051 MEDIUM This Month

Cross Application Scripting vulnerability in Vercom S.A. Rated medium severity (CVSS 4.3). No vendor patch available.

Code Injection
NVD
CVSS 4.0
4.3
EPSS
0.2%
CVE-2024-28811 LOW Monitor

An issue was discovered in Infinera hiT 7300 5.60.50. Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE Hit 7300 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2024-28808 LOW Monitor

An issue was discovered in Infinera hiT 7300 5.60.50. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hit 7300 Firmware
NVD
CVSS 3.1
2.7
EPSS
0.4%
CVE-2024-42496 LOW Monitor

Smart-tab Android app installed April 2023 or earlier contains an issue with plaintext storage of a password. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google
NVD
CVSS 3.0
2.4
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy