|
308611
|
- |
|
-
|
-
|
Confidant is a open source secret management service that provides user-friendly storage and access to secrets. The following endpoints are subject to a cross site scripting vulnerability: GET /v1/cr…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45793
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308612
|
- |
|
-
|
-
|
Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding pa…
|
CWE-89
SQL Injection
|
CVE-2024-47062
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308613
|
- |
|
-
|
-
|
Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM att…
|
CWE-79
Cross-site Scripting
|
CVE-2024-47061
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308614
|
- |
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
-
|
CVE-2024-46654
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308615
|
- |
|
-
|
-
|
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. An attacker can potentially replace the cont…
|
CWE-200
Information Exposure
|
CVE-2024-42351
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308616
|
- |
|
-
|
-
|
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations en…
|
CWE-79
Cross-site Scripting
|
CVE-2024-42346
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308617
|
- |
|
-
|
-
|
Cross Site Scripting vulnerability in Leotheme Leo Product Search Module v.2.1.6 and earlier allows a remote attacker to execute arbitrary code via the q parameter of the product search function.
|
-
|
CVE-2024-42697
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308618
|
- |
|
-
|
-
|
The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. Howeve…
|
-
|
CVE-2024-45229
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308619
|
- |
|
-
|
-
|
Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however (because of misconfigured Firebase ACLs), it is possible to cr…
|
-
|
CVE-2024-45489
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308620
|
- |
|
-
|
-
|
A vulnerability classified as critical has been found in Codezips Internal Marks Calculation 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument tid leads to …
|
CWE-89
SQL Injection
|
CVE-2024-9037
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
