|
303751
|
- |
|
-
|
-
|
Sublime Text 4 was discovered to contain a command injection vulnerability via the New Build System module.
|
-
|
CVE-2024-25255
|
2024-11-20 02:35 |
2024-11-12 |
|
|
|
|
303752
|
- |
|
-
|
-
|
Driver Booster v10.6 was discovered to contain a buffer overflow via the Host parameter under the Customize proxy module.
|
-
|
CVE-2024-25253
|
2024-11-20 02:35 |
2024-11-12 |
|
|
|
|
303753
|
9.8 |
CRITICAL
Network
|
schneider-electric
|
ecostruxure_it_gateway
|
CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices.
|
CWE-862
Missing Authorization
|
CVE-2024-10575
|
2024-11-20 02:28 |
2024-11-13 |
|
|
|
|
303754
|
- |
|
-
|
-
|
Statamic is a Laravel and Git powered content management system (CMS). Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location dif…
|
CWE-22
Path Traversal
|
CVE-2024-52600
|
2024-11-20 02:15 |
2024-11-20 |
|
|
|
|
303755
|
4.3 |
MEDIUM
Network
|
janeczku
|
calibre-web
|
A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of …
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2021-3986
|
2024-11-20 02:12 |
2024-11-15 |
|
|
|
|
303756
|
9.8 |
CRITICAL
Network
|
dompdf_project
|
dompdf
|
An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versio…
|
CWE-611
XXE
|
CVE-2021-3902
|
2024-11-20 02:12 |
2024-11-15 |
|
|
|
|
303757
|
5.4 |
MEDIUM
Network
|
sylius
|
sylius
|
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that…
|
CWE-79
Cross-site Scripting
|
CVE-2021-3841
|
2024-11-20 02:11 |
2024-11-15 |
|
|
|
|
303758
|
9.8 |
CRITICAL
Network
|
dompdf_project
|
dompdf
|
DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files o…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-3838
|
2024-11-20 02:11 |
2024-11-15 |
|
|
|
|
303759
|
8.8 |
HIGH
Network
|
chatwoot
|
chatwoot
|
A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-3742
|
2024-11-20 02:10 |
2024-11-15 |
|
|
|
|
303760
|
8.8 |
HIGH
Network
|
vanquish
|
user_extra_fields
|
The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 1…
|
CWE-862
Missing Authorization
|
CVE-2024-10800
|
2024-11-20 02:08 |
2024-11-13 |
|
|
|