|
303821
|
9.8 |
CRITICAL
Network
|
gogs
|
gogs
|
A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter duri…
|
CWE-77
Command Injection
|
CVE-2022-1884
|
2024-11-19 23:47 |
2024-11-15 |
|
303822
|
5.4 |
MEDIUM
Network
|
usememos
|
memos
|
A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and r…
|
CWE-79
Cross-site Scripting
|
CVE-2023-0109
|
2024-11-19 23:44 |
2024-11-15 |
|
303823
|
6.5 |
MEDIUM
Network
|
wallabag
|
wallabag
|
wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in ve…
|
CWE-352
Origin Validation Error
|
CVE-2023-0737
|
2024-11-19 23:43 |
2024-11-15 |
|
303824
|
- |
|
-
|
-
|
A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage…
|
-
|
CVE-2024-11075
|
2024-11-19 23:15 |
2024-11-19 |
|
303825
|
- |
|
-
|
-
|
Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in the X_B and SAT file reading procedure in eDrawings from Release SOLIDWORKS 2024 through Release SOLIDWORKS 2025. These …
|
-
|
CVE-2024-10204
|
2024-11-19 23:15 |
2024-11-19 |
|
303826
|
- |
|
-
|
-
|
Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash th…
|
-
|
CVE-2024-21538
|
2024-11-19 23:15 |
2024-11-8 |
|
303827
|
- |
|
-
|
-
|
The Bard theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.216. This …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9830
|
2024-11-19 22:15 |
2024-11-19 |
|
303828
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Ashe theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.243. This …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9777
|
2024-11-19 22:15 |
2024-11-19 |
|
303829
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘position’ parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and …
|
CWE-79
Cross-site Scripting
|
CVE-2024-11224
|
2024-11-19 22:15 |
2024-11-19 |
|
303830
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The GD Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘extra_class’ parameter in all versions up to, and including, 3.6.1 due to insufficient input sanitizati…
|
CWE-79
Cross-site Scripting
|
CVE-2024-11198
|
2024-11-19 22:15 |
2024-11-19 |