|
309621
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Always drain health in shutdown callback
There is no point in recovery during device shutdown. if health
work started n…
|
-
|
CVE-2024-43866
|
2024-10-17 23:15 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309622
|
6.1 |
MEDIUM
Network
|
phpoffice
|
phpspreadsheet
|
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. One of the sample scripts in PhpSpreadsheet is susceptible to a cross-site scripting (XSS) vulnerability due to imprope…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45060
|
2024-10-17 23:14 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309623
|
5.5 |
MEDIUM
Local
|
fortra
|
robot_schedule
|
Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2024-8264
|
2024-10-17 23:06 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309624
|
2.7 |
LOW
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to properly enforce permissions which allows a team admin user without "Add Team Members" permission to disable the invite URL.
|
NVD-CWE-noinfo
|
CVE-2024-40884
|
2024-10-17 23:05 |
2024-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309625
|
9.8 |
CRITICAL
Network
|
online_health_care_system_project
|
online_health_care_system
|
A vulnerability classified as critical has been found in SourceCodester Online Health Care System 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument f_name …
|
CWE-89
SQL Injection
|
CVE-2024-8080
|
2024-10-17 23:04 |
2024-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309626
|
6.5 |
MEDIUM
Network
|
ampache
|
ampache
|
ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). Cross-Site Request Forgery (CSRF) is a…
|
CWE-352
Origin Validation Error
|
CVE-2024-47828
|
2024-10-17 22:55 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309627
|
4.3 |
MEDIUM
Network
|
enalean
|
tuleap
|
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 1…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2024-47767
|
2024-10-17 22:50 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309628
|
4.9 |
MEDIUM
Network
|
enalean
|
tuleap
|
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 1…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2024-47766
|
2024-10-17 22:48 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309629
|
6.1 |
MEDIUM
Network
|
wp-slimstat
|
slimstat_analytics
|
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the resource parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9548
|
2024-10-17 22:46 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309630
|
5.3 |
MEDIUM
Network
|
xplodedthemes
|
wpide
|
The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.4.9. This is due to the plugin utilizing the PHP-Parser libra…
|
NVD-CWE-noinfo
|
CVE-2024-9546
|
2024-10-17 22:34 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
