Attacker Value
Unknown

CVE-2024-46475

Disclosure Date: September 30, 2024 (last updated October 01, 2024)
A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard Template v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.
Attacker Value
Unknown

CVE-2024-47172

Disclosure Date: September 30, 2024 (last updated October 01, 2024)
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task, job or membership resource on the CVAT instance. The information exposed in this way is the same as the information returned on a GET request to the resource. In addition, the attacker can also alter the default source and target storage associated with any project or task. Upgrade to CVAT 2.19.1 or any later version to fix the issue.
Attacker Value
Unknown

CVE-2024-47064

Disclosure Date: September 30, 2024 (last updated October 01, 2024)
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue.
Attacker Value
Unknown

CVE-2024-47063

Disclosure Date: September 30, 2024 (last updated October 01, 2024)
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task or edit an existing task can trick another logged-in user into visiting a maliciously-constructed URL, they can initiate any API calls on that user's behalf. This gives the attacker temporary access to all data that the victim user has access to. Upgrade to CVAT 2.19.0 or a later version to fix this issue.
Attacker Value
Unknown

CVE-2024-46313

Disclosure Date: September 30, 2024 (last updated October 01, 2024)
TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSurveyRpm.htm.
Attacker Value
Unknown

CVE-2024-46293

Disclosure Date: September 30, 2024 (last updated October 01, 2024)
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token. The application does not verify whether the user is logged in as an admin or even check for a session token at all.
Attacker Value
Unknown

CVE-2024-46280

Disclosure Date: September 30, 2024 (last updated October 01, 2024)
PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. The TELNET service is enabled with weak credentials for a root-level account, without the possibility of changing them.
Attacker Value
Unknown

CVE-2024-45792

Disclosure Date: September 30, 2024 (last updated October 01, 2024)
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Using a crafted POST request, an unprivileged, registered user is able to retrieve information about other users' personal system profiles. This vulnerability is fixed in 2.26.4.
Attacker Value
Unknown

CVE-2024-6051

Disclosure Date: September 30, 2024 (last updated October 01, 2024)
Cross Application Scripting vulnerability in Vercom S.A. Redlink SDK in specific situations allows local code injection and manipulation of the view of a vulnerable application. This issue affects Redlink SDK versions through 1.13.
Attacker Value
Unknown

CVE-2024-47641

Disclosure Date: September 30, 2024 (last updated October 01, 2024)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloperr Confetti Fall Animation allows Stored XSS. This issue affects Confetti Fall Animation: from n/a through 1.3.0.