|
312011
|
7.5 |
HIGH
Network
|
dfinity
|
canister_developer_kit_for_the_internet_computer
|
When a canister method is called via ic_cdk::call* , a new Future CallFuture is created and can be awaited by the caller to get the execution result. Internally, the state of the Future is tracked a…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2024-7884
|
2024-09-13 05:47 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312012
|
8.8 |
HIGH
Network
|
mitel
|
mivoice_mx-one
|
The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 SP1 could allow an authenticated attacker to conduct an authentication bypass attack due to improper access control. A successfu…
|
NVD-CWE-noinfo
|
CVE-2024-36446
|
2024-09-13 05:47 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312013
|
4.3 |
MEDIUM
Network
|
imagerecycle
|
imagerecycle_pdf_\&_image_compression
|
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and i…
|
CWE-862
Missing Authorization
|
CVE-2024-6631
|
2024-09-13 05:39 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312014
|
- |
|
-
|
-
|
The Floating Contact Button WordPress plugin before 2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks…
|
-
|
CVE-2024-7891
|
2024-09-13 05:35 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312015
|
6.5 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a…
|
CWE-74
Injection
|
CVE-2024-42903
|
2024-09-13 05:20 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312016
|
5.4 |
MEDIUM
Network
|
xibosignage
|
xibo
|
Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43412
|
2024-09-13 05:20 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312017
|
6.1 |
MEDIUM
Network
|
syspass
|
syspass
|
A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientCon…
|
CWE-79
Cross-site Scripting
|
CVE-2024-42904
|
2024-09-13 05:19 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312018
|
4.8 |
MEDIUM
Network
|
xibosignage
|
xibo
|
Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43413
|
2024-09-13 05:18 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312019
|
5.4 |
MEDIUM
Network
|
cloudcannon
|
pagefinder
|
Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking …
|
CWE-79
Cross-site Scripting
|
CVE-2024-45389
|
2024-09-13 05:17 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312020
|
- |
|
-
|
-
|
Rejected reason: DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2024-45593. Reason: This record is a reservation duplicate of CVE-2024-45593. Notes: All CVE users should reference CVE-2024-45593 instea…
|
-
|
CVE-2024-45845
|
2024-09-13 05:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
