|
303701
|
8.1 |
HIGH
Network
|
ampache
|
ampache
|
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. …
|
CWE-352
Origin Validation Error
|
CVE-2024-51485
|
2024-11-15 05:06 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303702
|
4.3 |
MEDIUM
Network
|
futuriowp
|
futurio_extra
|
The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on wh…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10695
|
2024-11-15 04:44 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303703
|
6.1 |
MEDIUM
Network
|
wpplugin
|
contact_form_7_redirect_\&_thank_you_page
|
The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.0.6 due to insufficie…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10685
|
2024-11-15 04:40 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303704
|
7.5 |
HIGH
Network
|
onedev_project
|
onedev
|
OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This…
|
CWE-22
Path Traversal
|
CVE-2024-45309
|
2024-11-15 04:39 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303705
|
8.1 |
HIGH
Network
|
ampache
|
ampache
|
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. …
|
CWE-352
Origin Validation Error
|
CVE-2024-51487
|
2024-11-15 04:37 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303706
|
9.8 |
CRITICAL
Network
|
mikexstudios
|
xcomic
|
A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. This affects an unknown part. The manipulation of the argument cmd leads to os command injection. It is possi…
|
CWE-78
OS Command
|
CVE-2005-10003
|
2024-11-15 04:35 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303707
|
5.3 |
MEDIUM
Network
|
jetbrains
|
ktor
|
In JetBrains Ktor before 3.0.0 improper caching in HttpCache Plugin could lead to response information disclosure
|
NVD-CWE-Other
|
CVE-2024-49580
|
2024-11-15 04:25 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303708
|
6.1 |
MEDIUM
Network
|
jetbrains
|
youtrack
|
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests
|
NVD-CWE-Other
|
CVE-2024-49579
|
2024-11-15 04:24 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303709
|
9.8 |
CRITICAL
Network
|
anisha
|
job_recruitment
|
A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0. This issue affects some unknown processing of the file /activation.php. The manipulation of the…
|
CWE-89
SQL Injection
|
CVE-2024-11076
|
2024-11-15 04:14 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303710
|
5.5 |
MEDIUM
Local
|
adobe
|
after_effects
|
After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability …
|
CWE-125
Out-of-bounds Read
|
CVE-2024-47446
|
2024-11-15 04:10 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
