|
304901
|
7.1 |
HIGH
Network
|
lollms
|
lollms_web_ui
|
A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a mult…
|
CWE-352
Origin Validation Error
|
CVE-2024-6959
|
2024-11-4 02:15 |
2024-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304902
|
2.7 |
LOW
Network
|
openwebui
|
open_webui
|
An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-7038
|
2024-11-4 02:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304903
|
4.3 |
MEDIUM
Network
|
lunary
|
lunary
|
A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-6582
|
2024-11-4 02:15 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304904
|
7.1 |
HIGH
Local
|
apple
|
macos
|
A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass …
|
NVD-CWE-noinfo
|
CVE-2024-44159
|
2024-11-2 06:35 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304905
|
- |
|
-
|
-
|
Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLog…
|
-
|
CVE-2024-37879
|
2024-11-2 06:35 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304906
|
- |
|
-
|
-
|
The Ajax Search Lite WordPress plugin before 4.12.1 does not sanitise and escape some parameters, which could allow users with a role as low as Admin+ to perform Cross-Site Scripting attacks.
|
-
|
CVE-2024-7084
|
2024-11-2 06:35 |
2024-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304907
|
5.3 |
MEDIUM
Adjacent
|
gotenna
|
gotenna_pro
|
The goTenna Pro App uses a weak password for sharing encryption keys via
the key broadcast method. If the broadcasted encryption key is captured
over RF, and password is cracked via brute force att…
|
CWE-521
Weak Password Requirements
|
CVE-2024-47121
|
2024-11-2 05:39 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304908
|
6.5 |
MEDIUM
Network
|
lollms
|
lollms_web_ui
|
A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The en…
|
CWE-352
Origin Validation Error
|
CVE-2024-6673
|
2024-11-2 05:37 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304909
|
7.8 |
HIGH
Local
|
adobe
|
illustrator
|
Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploit…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2024-34121
|
2024-11-2 05:35 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304910
|
7.1 |
HIGH
Network
|
lollms
|
lollms_web_ui
|
A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from othe…
|
CWE-346
Origin Validation Error
|
CVE-2024-6674
|
2024-11-2 05:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
