|
312171
|
- |
|
-
|
-
|
changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, `source:file:///etc/passwd` can be used to retrieve local…
|
-
|
CVE-2024-51483
|
2024-11-2 02:15 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312172
|
- |
|
-
|
-
|
`oak` is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. By default `oak` does not allow transferring of hidden files with `Cont…
|
CWE-22
CWE-35
Path Traversal
Path Traversal: '.../...//'
|
CVE-2024-49770
|
2024-11-2 02:15 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312173
|
6.5 |
MEDIUM
Network
|
-
|
-
|
IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
|
-
|
CVE-2024-41744
|
2024-11-2 02:15 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312174
|
8.8 |
HIGH
Network
|
microchip
|
timeprovider_4100_firmware
|
Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0.
|
CWE-352
Origin Validation Error
|
CVE-2024-43684
|
2024-11-2 02:15 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312175
|
8.8 |
HIGH
Network
|
infiniflow
|
ragflow
|
The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability. The function uses user-supplied input `req['llm_factory']` and `req['…
|
CWE-77
Command Injection
|
CVE-2024-10131
|
2024-11-2 02:12 |
2024-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312176
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Limit the number of concurrent async COPY operations
Nothing appears to limit the number of concurrent async COPY
operation…
|
NVD-CWE-noinfo
|
CVE-2024-49974
|
2024-11-2 01:52 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312177
|
7.2 |
HIGH
Network
|
projectworlds
|
online_time_table_generator
|
A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. Affected is an unknown function of the file /timetable/admin/admindashboard.php?info=add_cours…
|
CWE-89
SQL Injection
|
CVE-2024-10446
|
2024-11-2 01:39 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312178
|
- |
|
-
|
-
|
An issue was discovered in Ollama before 0.1.34. The CreateModelHandler function uses os.Open to read a file until completion. The req.Path parameter is user-controlled and can be set to /dev/random,…
|
-
|
CVE-2024-39721
|
2024-11-2 01:35 |
2024-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312179
|
- |
|
-
|
-
|
An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveragin…
|
-
|
CVE-2024-39720
|
2024-11-2 01:35 |
2024-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312180
|
- |
|
-
|
-
|
An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "Fi…
|
-
|
CVE-2024-39719
|
2024-11-2 01:35 |
2024-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
