|
305681
|
- |
|
-
|
-
|
Cross Site Scripting vulnerability in eyouCMS v.1.6.7 allows a remote attacker to obtain sensitive information via a crafted script to the post parameter.
|
-
|
CVE-2024-48195
|
2024-10-31 03:35 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305682
|
- |
|
-
|
-
|
newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter.
|
-
|
CVE-2024-48178
|
2024-10-31 03:35 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305683
|
- |
|
-
|
-
|
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
|
-
|
CVE-2024-50602
|
2024-10-31 03:35 |
2024-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305684
|
5.3 |
MEDIUM
Network
|
redhat
|
openshift_container_platform
|
A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and …
|
NVD-CWE-noinfo
|
CVE-2024-50312
|
2024-10-31 03:35 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305685
|
7.5 |
HIGH
Network
|
mozilla
|
thunderbird
firefox
|
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox E…
|
NVD-CWE-noinfo
|
CVE-2024-9399
|
2024-10-31 03:35 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305686
|
5.3 |
MEDIUM
Network
|
mozilla
|
firefox
thunderbird
firefox_esr
|
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vuln…
|
NVD-CWE-noinfo
|
CVE-2024-9398
|
2024-10-31 03:35 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305687
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
firefox_esr
|
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This ac…
|
NVD-CWE-Other
|
CVE-2024-9394
|
2024-10-31 03:35 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305688
|
- |
|
-
|
-
|
Insufficient access controls in ASP kernel may allow a
privileged attacker with access to AMD signing keys and the BIOS menu or UEFI
shell to map DRAM regions in protected areas, potentially leading …
|
-
|
CVE-2021-26387
|
2024-10-31 03:35 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305689
|
6.1 |
MEDIUM
Network
|
projectworlds
|
simple_web-based_chat_application
|
A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manip…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10433
|
2024-10-31 03:31 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305690
|
8.8 |
HIGH
Network
|
agnai
|
agnai
|
Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen …
|
CWE-434
CWE-35
Unrestricted Upload of File with Dangerous Type
Path Traversal: '.../...//'
|
CVE-2024-47169
|
2024-10-31 03:25 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
