|
303801
|
6.1 |
MEDIUM
Network
|
janeczku
|
calibre-web
|
A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. The vulnerability occurs when editing book properties, such as uploading a cover o…
|
CWE-79
Cross-site Scripting
|
CVE-2021-3988
|
2024-11-20 00:43 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303802
|
4.3 |
MEDIUM
Network
|
viwis
|
learning_management_system
|
A vulnerability was found in VIWIS LMS 9.11. It has been classified as critical. Affected is an unknown function of the component Print Handler. The manipulation leads to missing authorization. It is…
|
CWE-862
CWE-863
Missing Authorization
Incorrect Authorization
|
CVE-2024-8001
|
2024-11-20 00:41 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303803
|
7.4 |
HIGH
Network
|
linuxfoundation
|
harbor
|
Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution …
|
CWE-863
Incorrect Authorization
|
CVE-2022-31671
|
2024-11-20 00:40 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303804
|
7.2 |
HIGH
Network
|
mayurik
|
best_employee_management_system
|
A vulnerability has been found in SourceCodester Best Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulati…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11214
|
2024-11-20 00:38 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303805
|
9.8 |
CRITICAL
Network
|
icdsoft
|
multimanager_wp
|
The MultiManager WP – Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the user impersona…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-11028
|
2024-11-20 00:38 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303806
|
- |
|
-
|
-
|
In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which e…
|
-
|
CVE-2024-10103
|
2024-11-20 00:35 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303807
|
- |
|
-
|
-
|
Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component.
|
-
|
CVE-2024-33231
|
2024-11-20 00:35 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303808
|
- |
|
-
|
-
|
StepSecurity's Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. Versions of step-security/harden-runner prior to v2.10.2 contain multipl…
|
CWE-78
OS Command
|
CVE-2024-52587
|
2024-11-20 00:35 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303809
|
- |
|
-
|
-
|
AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account.
|
-
|
CVE-2024-51051
|
2024-11-20 00:35 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303810
|
- |
|
-
|
-
|
An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0 allows attackers to execute arbitrary code via uploading a crafted file.
|
-
|
CVE-2024-51053
|
2024-11-20 00:35 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
