|
305881
|
- |
|
-
|
-
|
Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from the special broadcast address (0xFFFFFFFF) which could resu…
|
CWE-138
CWE-159
Improper Neutralization of Special Elements
Improper Handling of Invalid Use of Special Elements
|
CVE-2024-51500
|
2024-11-6 01:04 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305882
|
- |
|
-
|
-
|
gaizhenbiao/chuanhuchatgpt project, version <=20240802 is vulnerable to stored Cross-Site Scripting (XSS) in WebSocket session transmission. An attacker can inject malicious content into a WebSocket …
|
-
|
CVE-2024-48059
|
2024-11-6 01:04 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305883
|
- |
|
-
|
-
|
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way…
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2024-51744
|
2024-11-6 01:04 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305884
|
- |
|
-
|
-
|
A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php," allows attackers to initiate a request that posts a fake post onto the user's social wall without the…
|
-
|
CVE-2024-30617
|
2024-11-6 01:04 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305885
|
- |
|
-
|
-
|
Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive profiles information, posing a significant risk to data integrity.
|
-
|
CVE-2024-30616
|
2024-11-6 01:04 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305886
|
6.1 |
MEDIUM
Network
|
cisco
|
firepower_management_center
|
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS…
|
CWE-79
Cross-site Scripting
|
CVE-2024-20372
|
2024-11-6 01:04 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305887
|
4.6 |
MEDIUM
Network
|
radixiot
|
mango
|
MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page.
|
CWE-94
Code Injection
|
CVE-2024-37846
|
2024-11-6 01:03 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305888
|
5.4 |
MEDIUM
Network
|
radixiot
|
mango
|
A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
CWE-79
Cross-site Scripting
|
CVE-2024-37844
|
2024-11-6 01:03 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305889
|
5.4 |
MEDIUM
Network
|
cisco
|
firepower_management_center
|
A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due …
|
CWE-79
Cross-site Scripting
|
CVE-2024-20387
|
2024-11-6 01:00 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305890
|
8.8 |
HIGH
Network
|
radixiot
|
mangoapi
mango
|
An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file.
|
CWE-22
Path Traversal
|
CVE-2024-37847
|
2024-11-6 00:47 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
