|
308081
|
7.5 |
HIGH
Network
|
zimaspace
|
zimaos
|
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the ZimaOS API endpoint `http://<Zima_Server_IP:PORT>/v3/file?t…
|
CWE-22
Path Traversal
|
CVE-2024-48931
|
2024-11-7 00:46 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308082
|
9.8 |
CRITICAL
Network
|
lunary
|
lunary
|
A SQL injection vulnerability exists in the `/api/v1/external-users` route of lunary-ai/lunary version v1.4.2. The `order by` clause of the SQL query uses `sql.unsafe` without prior sanitization, all…
|
CWE-89
SQL Injection
|
CVE-2024-7456
|
2024-11-7 00:45 |
2024-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308083
|
4.8 |
MEDIUM
Network
|
dublue
|
table_of_contents_plus
|
The Table of Contents Plus WordPress plugin through 2408 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting atta…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5578
|
2024-11-7 00:44 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308084
|
4.8 |
MEDIUM
Network
|
nsqua
|
simply_schedule_appointments
|
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high …
|
CWE-79
Cross-site Scripting
|
CVE-2024-7877
|
2024-11-7 00:42 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308085
|
4.8 |
MEDIUM
Network
|
nsqua
|
simply_schedule_appointments
|
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Appointment Type settings, which could allow h…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7876
|
2024-11-7 00:42 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308086
|
- |
|
-
|
-
|
An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room…
|
-
|
CVE-2024-42773
|
2024-11-7 00:35 |
2024-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308087
|
8.8 |
HIGH
Network
|
zohocorp
|
manageengine_exchange_reporter_plus
|
Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module.
|
CWE-89
SQL Injection
|
CVE-2024-9459
|
2024-11-7 00:29 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308088
|
7.5 |
HIGH
Network
|
zimaspace
|
zimaos
|
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as `http://<Server-IP>/v1/use…
|
CWE-862
Missing Authorization
|
CVE-2024-49357
|
2024-11-7 00:28 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308089
|
7.5 |
HIGH
Network
|
zimaspace
|
zimaos
|
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint `http://<Zima_Server_IP:PORT>/v2_1/file` in Zi…
|
CWE-22
Path Traversal
|
CVE-2024-49359
|
2024-11-7 00:27 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308090
|
5.3 |
MEDIUM
Network
|
zimaspace
|
zimaos
|
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint `http://<Server-IP>/v1/users/login` in ZimaOS …
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2024-49358
|
2024-11-7 00:27 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
