|
312511
|
- |
|
-
|
-
|
An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0 allows attackers to execute arbitrary code via uploading a crafted file.
|
-
|
CVE-2024-51053
|
2024-11-20 00:35 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312512
|
- |
|
-
|
-
|
An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via…
|
-
|
CVE-2024-50848
|
2024-11-20 00:35 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312513
|
- |
|
-
|
-
|
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2024-52303
|
2024-11-20 00:35 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312514
|
- |
|
-
|
-
|
MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Contro…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-51743
|
2024-11-20 00:35 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312515
|
4.3 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception d…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2021-3991
|
2024-11-20 00:31 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312516
|
4.8 |
MEDIUM
Network
|
phpipam
|
phpipam
|
A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the …
|
CWE-79
Cross-site Scripting
|
CVE-2022-1226
|
2024-11-20 00:30 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312517
|
7.7 |
HIGH
Network
|
linuxfoundation
|
harbor
|
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authentic…
|
CWE-863
Incorrect Authorization
|
CVE-2022-31668
|
2024-11-20 00:25 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312518
|
6.4 |
MEDIUM
Network
|
linuxfoundation
|
harbor
|
Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to.
By sending a request that attempts to updat…
|
CWE-863
Incorrect Authorization
|
CVE-2022-31667
|
2024-11-20 00:25 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312519
|
7.7 |
HIGH
Network
|
linuxfoundation
|
harbor
|
Harbor fails to validate the user permissions when updating tag retention policies.
By sending a request to update a tag retention policy with an id that belongs to a project that the currently aut…
|
CWE-863
Incorrect Authorization
|
CVE-2022-31670
|
2024-11-20 00:20 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312520
|
7.7 |
HIGH
Network
|
linuxfoundation
|
harbor
|
Harbor fails to validate the user permissions when updating tag immutability policies.
By sending a request to update a tag immutability policy with an id that belongs to a
project that the current…
|
CWE-863
Incorrect Authorization
|
CVE-2022-31669
|
2024-11-20 00:20 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
