|
303241
|
5.5 |
MEDIUM
Local
|
trcore
|
dvc
|
The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content.
|
NVD-CWE-Other
|
CVE-2024-11308
|
2024-11-21 00:17 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303242
|
9.8 |
CRITICAL
Network
|
trcore
|
dvc
|
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, lead…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11315
|
2024-11-21 00:16 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303243
|
9.8 |
CRITICAL
Network
|
trcore
|
dvc
|
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, lead…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11314
|
2024-11-21 00:16 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303244
|
9.8 |
CRITICAL
Network
|
trcore
|
dvc
|
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, lead…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11313
|
2024-11-21 00:16 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303245
|
9.8 |
CRITICAL
Network
|
trcore
|
dvc
|
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, lead…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11312
|
2024-11-21 00:16 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303246
|
6.1 |
MEDIUM
Network
|
ibphoenix
|
ibwebadmin
|
A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /database.php of the component Banco de Dados Tab. …
|
CWE-79
Cross-site Scripting
|
CVE-2024-11240
|
2024-11-21 00:09 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303247
|
4.3 |
MEDIUM
Network
|
themify
|
builder
|
The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicate_page_ajaxify function in all versions up to, and including, 7.6.1. This …
|
CWE-863
Incorrect Authorization
|
CVE-2024-7836
|
2024-11-21 00:09 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303248
|
9.6 |
CRITICAL
Network
|
github
|
cli
|
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been …
|
CWE-77
Command Injection
|
CVE-2024-52308
|
2024-11-21 00:07 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303249
|
5.4 |
MEDIUM
Network
|
librenms
|
librenms
|
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the API-Access page allows authenticated users to inject arbitrary Jav…
|
CWE-79
Cross-site Scripting
|
CVE-2024-49754
|
2024-11-21 00:02 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303250
|
6.1 |
MEDIUM
Network
|
cleancoder
|
fitnesse
|
Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using t…
|
CWE-79
Cross-site Scripting
|
CVE-2024-39610
|
2024-11-21 00:02 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
