|
309461
|
5.3 |
MEDIUM
Network
|
redhat
|
openshift_container_platform
|
A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and …
|
NVD-CWE-noinfo
|
CVE-2024-50312
|
2024-10-31 03:35 |
2024-10-22 |
|
309462
|
7.5 |
HIGH
Network
|
mozilla
|
thunderbird firefox
|
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox E…
|
NVD-CWE-noinfo
|
CVE-2024-9399
|
2024-10-31 03:35 |
2024-10-2 |
|
309463
|
5.3 |
MEDIUM
Network
|
mozilla
|
firefox thunderbird firefox_esr
|
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vuln…
|
NVD-CWE-noinfo
|
CVE-2024-9398
|
2024-10-31 03:35 |
2024-10-2 |
|
309464
|
7.5 |
HIGH
Network
|
mozilla
|
firefox thunderbird firefox_esr
|
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This ac…
|
NVD-CWE-Other
|
CVE-2024-9394
|
2024-10-31 03:35 |
2024-10-2 |
|
309465
|
- |
|
-
|
-
|
Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected areas, potentially leading …
|
-
|
CVE-2021-26387
|
2024-10-31 03:35 |
2024-08-14 |
|
309466
|
6.1 |
MEDIUM
Network
|
projectworlds
|
simple_web-based_chat_application
|
A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manip…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10433
|
2024-10-31 03:31 |
2024-10-28 |
|
309467
|
8.8 |
HIGH
Network
|
agnai
|
agnai
|
Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen …
|
CWE-434 CWE-35
Unrestricted Upload of File with Dangerous Type; Path Traversal: '.../...//'
|
CVE-2024-47169
|
2024-10-31 03:25 |
2024-09-27 |
|
309468
|
6.1 |
MEDIUM
Network
|
cvat
|
computer_vision_annotation_tool
|
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task, or edit an existing ta…
|
CWE-79
Cross-site Scripting
|
CVE-2024-47063
|
2024-10-31 03:24 |
2024-10-1 |
|
309469
|
9.8 |
CRITICAL
Network
|
filemanagerpro
|
file_manager
|
The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible …
|
CWE-862
Missing Authorization
|
CVE-2018-25105
|
2024-10-31 03:23 |
2024-10-16 |
|
309470
|
6.1 |
MEDIUM
Network
|
cvat
|
computer_vision_annotation_tool
|
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed UR…
|
CWE-79 CWE-81
Cross-site Scripting; Improper Neutralization of Script in an Error Message Web Page
|
CVE-2024-47064
|
2024-10-31 03:23 |
2024-10-1 |
|