|
310901
|
- |
|
-
|
-
|
Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to Cross Site Request Forgery (CSRF) via /edit-profile.php.
|
-
|
CVE-2024-48278
|
2024-10-17 01:38 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310902
|
- |
|
-
|
-
|
In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio…
|
-
|
CVE-2024-40654
|
2024-10-17 01:35 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310903
|
7.5 |
HIGH
Network
|
wikimedia
|
wikimedia-extensions-css
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal.This issue affects Mediawiki -…
|
CWE-22
Path Traversal
|
CVE-2024-47841
|
2024-10-17 01:34 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310904
|
9.8 |
CRITICAL
Network
|
mediawiki
|
cargo
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Ca…
|
CWE-89
SQL Injection
|
CVE-2024-47849
|
2024-10-17 01:34 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310905
|
6.5 |
MEDIUM
Network
|
avaiga
|
taipy
|
Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure …
|
CWE-319
CWE-732
Cleartext Transmission of Sensitive Information
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-47833
|
2024-10-17 01:33 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310906
|
5.4 |
MEDIUM
Network
|
code-projects
|
blood_bank_system
|
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as problematic. This affects an unknown part of the file blooddetails.php. The manipulation of the …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9803
|
2024-10-17 01:21 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310907
|
8.8 |
HIGH
Network
|
dlink
|
dir-619l_firmware
|
A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. Affected by this issue is the function formSetLog of the file /goform/formSetLog. The manipulation of the…
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-9786
|
2024-10-17 01:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310908
|
8.8 |
HIGH
Network
|
dlink
|
dir-619l_firmware
|
A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formSetDDNS of the file /goform/formSetDDNS. The manipulation of the argume…
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-9785
|
2024-10-17 01:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310909
|
6.5 |
MEDIUM
Network
|
shilpisoft
|
net_back_office
|
This vulnerability exists in the Shilpi Net Back Office due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a p…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-47657
|
2024-10-17 00:44 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310910
|
8.1 |
HIGH
Network
|
microsoft
|
visual_studio_2022
.net
|
.NET and Visual Studio Remote Code Execution Vulnerability
|
NVD-CWE-noinfo
|
CVE-2024-38229
|
2024-10-17 00:36 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
