|
306551
|
5.4 |
MEDIUM
Network
|
gradio_project
|
gradio
|
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **Cross-Site Scripting (XSS)** on any Gradio server that allows file uploads. Authenticated users c…
|
CWE-79
Cross-site Scripting
|
CVE-2024-47872
|
2024-10-18 01:54 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306552
|
9.8 |
CRITICAL
Network
|
gradio_project
|
gradio
|
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **Server-Side Request Forgery (SSRF)** in the `/queue/join` endpoint. Gradio’s `async_save_url_to…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-47167
|
2024-10-18 01:53 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306553
|
5.3 |
MEDIUM
Network
|
gradio_project
|
gradio
|
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a **one-level read path traversal** in the `/custom_component` endpoint. Attackers can exploit this…
|
CWE-22
Path Traversal
|
CVE-2024-47166
|
2024-10-18 01:48 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306554
|
9.8 |
CRITICAL
Network
|
hdfgroup
|
hdf5
|
HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
|
CWE-787
Out-of-bounds Write
|
CVE-2024-32608
|
2024-10-18 01:47 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306555
|
5.4 |
MEDIUM
Network
|
gradio_project
|
gradio
|
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **CORS origin validation accepting a null origin**. When a Gradio server is deployed locally, the…
|
NVD-CWE-noinfo
|
CVE-2024-47165
|
2024-10-18 01:46 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306556
|
6.5 |
MEDIUM
Network
|
gradio_project
|
gradio
|
Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to the **bypass of directory traversal checks** within the `is_in_or_equal` function. This function,…
|
CWE-22
Path Traversal
|
CVE-2024-47164
|
2024-10-18 01:40 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306557
|
8.3 |
HIGH
Network
|
gradio_project
|
gradio
|
Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to **CORS origin validation**, where the Gradio server fails to validate the request origin when …
|
NVD-CWE-Other
|
CVE-2024-47084
|
2024-10-18 01:30 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306558
|
8.8 |
HIGH
Network
|
microchip
|
timeprovider_4100_firmware
|
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 (Co…
|
CWE-78
OS Command
|
CVE-2024-9054
|
2024-10-18 00:19 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306559
|
6.5 |
MEDIUM
Adjacent
|
microchip
|
timeprovider_4100_firmware
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data plot modules) allows SQL Injection.This issue affects TimeProvi…
|
CWE-89
SQL Injection
|
CVE-2024-7801
|
2024-10-18 00:19 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306560
|
9.8 |
CRITICAL
Network
|
microchip
|
timeprovider_4100_firmware
|
Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
|
CWE-287
Improper Authentication
|
CVE-2024-43685
|
2024-10-18 00:17 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
