|
310091
|
5.3 |
MEDIUM
Network
|
lizardbyte
|
sunshine
|
Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertantly allow access to an unintended client rather than failing a…
|
NVD-CWE-noinfo
|
CVE-2024-45407
|
2024-09-21 01:18 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310092
|
4.7 |
MEDIUM
Network
|
openjsf
|
express
|
Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43796
|
2024-09-21 01:07 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310093
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease
It is not safe to dereference fl->c.flc_owner without fir…
|
NVD-CWE-noinfo
|
CVE-2024-46690
|
2024-09-21 00:55 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310094
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: cmd-db: Map shared memory as WC, not WB
Linux does not write into cmd-db region. This region of memory is write
protec…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-46689
|
2024-09-21 00:52 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310095
|
9.8 |
CRITICAL
Network
|
h2o
|
h2o
|
A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Conn…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-8862
|
2024-09-21 00:47 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310096
|
5.4 |
MEDIUM
Network
|
aimstack
|
aim
|
A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. Th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8863
|
2024-09-21 00:43 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310097
|
6.1 |
MEDIUM
Network
|
autocms_project
|
autocms
|
A vulnerability was found in AutoCMS 5.4. It has been classified as problematic. This affects an unknown part of the file /admin/robot.php. The manipulation of the argument sidebar leads to cross sit…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8866
|
2024-09-21 00:36 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310098
|
6.1 |
MEDIUM
Network
|
onlyoffice
|
document_server
|
ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Fun…
|
CWE-79
Cross-site Scripting
|
CVE-2023-50883
|
2024-09-21 00:18 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310099
|
7.5 |
HIGH
Network
|
litellm
|
litellm
|
A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the `api_base` parameter when making requests to `POST /chat/c…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-6587
|
2024-09-20 23:55 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310100
|
9.8 |
CRITICAL
Network
|
thinkphp
|
thinkphp
|
A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-44902
|
2024-09-20 23:55 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
