|
304111
|
- |
|
-
|
-
|
happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execut…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2024-51757
|
2024-11-9 04:01 |
2024-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304112
|
- |
|
-
|
-
|
Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property polic…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2024-51755
|
2024-11-9 04:01 |
2024-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304113
|
- |
|
-
|
-
|
Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of …
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2024-51754
|
2024-11-9 04:01 |
2024-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304114
|
- |
|
-
|
-
|
Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file conte…
|
-
|
CVE-2024-51751
|
2024-11-9 04:01 |
2024-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304115
|
- |
|
-
|
-
|
dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addAdmin.
|
-
|
CVE-2024-50966
|
2024-11-9 03:35 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304116
|
- |
|
-
|
-
|
A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a com…
|
-
|
CVE-2024-35314
|
2024-11-9 03:15 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304117
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of the Juniper Networks Junos OS on the MX Series platforms with Trio-based FPCs allows an una…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2024-47493
|
2024-11-9 03:15 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304118
|
5.8 |
MEDIUM
Network
|
hashicorp
|
consul
|
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2024-10006
|
2024-11-9 03:10 |
2024-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304119
|
5.8 |
MEDIUM
Network
|
hashicorp
|
consul
|
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.
|
CWE-22
Path Traversal
|
CVE-2024-10005
|
2024-11-9 03:10 |
2024-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304120
|
7.5 |
HIGH
Adjacent
|
hp
|
poly_tc8_firmware
poly_tc10_firmware
poly_studio_g7500_firmware
poly_studio_x30_firmware
poly_studio_x50_firmware
poly_studio_x70_firmware
poly_studio_x52_firmware
poly_studio_g6…
|
A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a …
|
CWE-77
Command Injection
|
CVE-2024-9579
|
2024-11-9 03:08 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
