Attacker Value
Unknown

CVE-2024-6406

Disclosure Date: September 18, 2024 (last updated September 19, 2024)
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Yordam Information Technology Mobile Library Application allows Retrieve Embedded Sensitive Data. This issue affects Mobile Library Application: before 5.0.
Attacker Value
Unknown

CVE-2024-5682

Disclosure Date: September 18, 2024 (last updated September 19, 2024)
Improper Restriction of Excessive Authentication Attempts vulnerability in Yordam Information Technology Yordam Library Automation System allows Interface Manipulation. This issue affects Yordam Library Automation System: before 20.1.
Attacker Value
Unknown

CVE-2024-6876

Disclosure Date: September 10, 2024 (last updated September 24, 2024)
Out-of-Bounds read vulnerability in OSCAT Basic Library allows a local, unprivileged attacker to access limited internal data of the PLC which may lead to a crash of the affected service.
Attacker Value
Unknown

CVE-2024-7858

Disclosure Date: August 30, 2024 (last updated September 04, 2024)
The Media Library Folders plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several AJAX functions in the media-library-plus.php file in all versions up to, and including, 8.2.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions related to managing media files and folders along with controlling settings.
Attacker Value
Unknown

CVE-2024-8297

Disclosure Date: August 29, 2024 (last updated August 31, 2024)
A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. Affected is the function JwtRefreshAuth of the file middleware/jwt_refresh_token_middleware.go. The manipulation of the argument Authorization leads to improper output neutralization for logs. It is possible to launch the attack remotely. The name of the patch is 81b3336b4c9240f0bf50c13cb8375cf860d945f1. It is recommended to apply a patch to fix this issue.
Attacker Value
Unknown

CVE-2024-7857

Disclosure Date: August 29, 2024 (last updated January 05, 2025)
The Media Library Folders plugin for WordPress is vulnerable to second order SQL Injection via the 'sort_type' parameter of the 'mlf_change_sort_type' AJAX action in all versions up to, and including, 8.2.2 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Attacker Value
Unknown

CVE-2024-7071

Disclosure Date: August 27, 2024 (last updated August 31, 2024)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in Brain Information Technologies Inc. Brain Low-Code allows SQL Injection. This issue affects Brain Low-Code: before 2.1.0.
Attacker Value
Unknown

CVE-2024-43337

Disclosure Date: August 26, 2024 (last updated August 28, 2024)
Cross-Site Request Forgery (CSRF) vulnerability in Brave Brave Popup Builder. This issue affects Brave Popup Builder: from n/a through 0.7.0.
Attacker Value
Unknown

CVE-2024-31842

Disclosure Date: August 20, 2024 (last updated September 14, 2024)
An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token is sent in GET requests, this vulnerability could lead to complete account takeover.
Attacker Value
Unknown

CVE-2024-43377

Disclosure Date: August 20, 2024 (last updated August 27, 2024)
Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2.