|
303261
|
4.8 |
MEDIUM
Network
|
phpgurukul
|
user_registration_\&_login_and_user_management_system
|
A Reflected Cross-Site Scripting (XSS) vulnerability was found in the /search-result.php page of the PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows rem…
|
CWE-79
Cross-site Scripting
|
CVE-2024-48284
|
2024-11-20 00:45 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303262
|
4.3 |
MEDIUM
Network
|
janeczku
|
calibre-web
|
An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `…
|
CWE-862
Missing Authorization
|
CVE-2021-3987
|
2024-11-20 00:44 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303263
|
6.1 |
MEDIUM
Network
|
janeczku
|
calibre-web
|
A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. The vulnerability occurs when editing book properties, such as uploading a cover o…
|
CWE-79
Cross-site Scripting
|
CVE-2021-3988
|
2024-11-20 00:43 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303264
|
4.3 |
MEDIUM
Network
|
viwis
|
learning_management_system
|
A vulnerability was found in VIWIS LMS 9.11. It has been classified as critical. Affected is an unknown function of the component Print Handler. The manipulation leads to missing authorization. It is…
|
CWE-862
CWE-863
Missing Authorization
Incorrect Authorization
|
CVE-2024-8001
|
2024-11-20 00:41 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303265
|
7.4 |
HIGH
Network
|
linuxfoundation
|
harbor
|
Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution …
|
CWE-863
Incorrect Authorization
|
CVE-2022-31671
|
2024-11-20 00:40 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303266
|
7.2 |
HIGH
Network
|
mayurik
|
best_employee_management_system
|
A vulnerability has been found in SourceCodester Best Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulati…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11214
|
2024-11-20 00:38 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303267
|
9.8 |
CRITICAL
Network
|
icdsoft
|
multimanager_wp
|
The MultiManager WP – Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the user impersona…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-11028
|
2024-11-20 00:38 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303268
|
- |
|
-
|
-
|
In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which e…
|
-
|
CVE-2024-10103
|
2024-11-20 00:35 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303269
|
- |
|
-
|
-
|
Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component.
|
-
|
CVE-2024-33231
|
2024-11-20 00:35 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303270
|
- |
|
-
|
-
|
StepSecurity's Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. Versions of step-security/harden-runner prior to v2.10.2 contain multipl…
|
CWE-78
OS Command
|
CVE-2024-52587
|
2024-11-20 00:35 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
