|
312701
|
4.8 |
MEDIUM
Network
|
phpipam
|
phpipam
|
A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the …
|
CWE-79
Cross-site Scripting
|
CVE-2022-1226
|
2024-11-20 00:30 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312702
|
7.7 |
HIGH
Network
|
linuxfoundation
|
harbor
|
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authentic…
|
CWE-863
Incorrect Authorization
|
CVE-2022-31668
|
2024-11-20 00:25 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312703
|
6.4 |
MEDIUM
Network
|
linuxfoundation
|
harbor
|
Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to.
By sending a request that attempts to updat…
|
CWE-863
Incorrect Authorization
|
CVE-2022-31667
|
2024-11-20 00:25 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312704
|
7.7 |
HIGH
Network
|
linuxfoundation
|
harbor
|
Harbor fails to validate the user permissions when updating tag retention policies.
By sending a request to update a tag retention policy with an id that belongs to a project that the currently aut…
|
CWE-863
Incorrect Authorization
|
CVE-2022-31670
|
2024-11-20 00:20 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312705
|
7.7 |
HIGH
Network
|
linuxfoundation
|
harbor
|
Harbor fails to validate the user permissions when updating tag immutability policies.
By sending a request to update a tag immutability policy with an id that belongs to a
project that the current…
|
CWE-863
Incorrect Authorization
|
CVE-2022-31669
|
2024-11-20 00:20 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312706
|
9.8 |
CRITICAL
Network
|
backpackforlaravel
|
filemanager
|
FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerabilit…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-52306
|
2024-11-20 00:02 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312707
|
9.8 |
CRITICAL
Network
|
gogs
|
gogs
|
A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter duri…
|
CWE-77
Command Injection
|
CVE-2022-1884
|
2024-11-19 23:47 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312708
|
5.4 |
MEDIUM
Network
|
usememos
|
memos
|
A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and r…
|
CWE-79
Cross-site Scripting
|
CVE-2023-0109
|
2024-11-19 23:44 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312709
|
6.5 |
MEDIUM
Network
|
wallabag
|
wallabag
|
wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in ve…
|
CWE-352
Origin Validation Error
|
CVE-2023-0737
|
2024-11-19 23:43 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312710
|
- |
|
-
|
-
|
A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage…
|
-
|
CVE-2024-11075
|
2024-11-19 23:15 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
