|
316191
|
8.8 |
HIGH
Network
|
phpgurukul
|
job_portal
|
File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-8463
|
2024-09-13 02:15 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316192
|
4.7 |
MEDIUM
Physics
|
arm
|
trusted_firmware-m
|
An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function.
|
NVD-CWE-Other
|
CVE-2023-51712
|
2024-09-13 02:11 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316193
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
tcp: add sanity tests to TCP_QUEUE_SEQ
Qingyu Li reported a syzkaller bug where the repro
changes RCV SEQ _after_ restoring data …
|
NVD-CWE-noinfo
|
CVE-2021-4442
|
2024-09-13 01:58 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316194
|
5.9 |
MEDIUM
Network
|
identityautomation
|
rapididentity
|
RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts excessive authentication attempts and allows a remote attacker to cause a denial of service via the username parame…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2024-45589
|
2024-09-13 01:54 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316195
|
6.1 |
MEDIUM
Network
|
linuxos
|
shakal-ng
|
A vulnerability, which was classified as problematic, was found in LinuxOSsk Shakal-NG up to 1.3.3. Affected is an unknown function of the file comments/views.py. The manipulation of the argument nex…
|
CWE-601
Open Redirect
|
CVE-2024-8412
|
2024-09-13 01:47 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316196
|
7.2 |
HIGH
Network
|
funnelforms
|
funnelforms_free
|
The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2_add_font' function in all versions up to, and including, 3.7.3.2. Thi…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-6311
|
2024-09-13 01:46 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316197
|
7.5 |
HIGH
Network
|
eclipse
|
vert.x
|
In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client).
This is fix…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-8391
|
2024-09-13 01:44 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316198
|
5.5 |
MEDIUM
Local
|
dpgaspar
|
flask_app_builder
|
Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue …
|
NVD-CWE-Other
|
CVE-2024-45314
|
2024-09-13 01:39 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316199
|
5.4 |
MEDIUM
Network
|
wpsocio
|
wp_telegram_widget_and_join_link
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link allows Stored XSS.This issue affects WP Telegram…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43309
|
2024-09-13 01:39 |
2024-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316200
|
- |
|
-
|
-
|
SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios component.
|
-
|
CVE-2024-42760
|
2024-09-13 01:35 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
