281
|
- |
|
-
|
-
|
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_permissao.php` endpoint. This vulnerability could allow an authoriz…
New
|
CWE-89
SQL Injection
|
CVE-2025-24901
|
2025-02-4 07:15 |
2025-02-4 |
|
|
282
|
- |
|
-
|
-
|
CometBFT is a distributed, Byzantine fault-tolerant, deterministic state machine replication engine. In the `blocksync` protocol peers send their `base` and `latest` heights when they connect to a ne…
New
|
CWE-703
Improper Check or Handling of Exceptional Conditions
|
CVE-2025-24371
|
2025-02-4 07:15 |
2025-02-4 |
|
|
283
|
- |
|
-
|
-
|
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users (possibly anonymous ones if the widget is used in the dashboard of a public project) might get a…
New
|
CWE-280
Improper Handling of Insufficient Permissions or Privileges
|
CVE-2025-24029
|
2025-02-4 07:15 |
2025-02-4 |
|
|
284
|
- |
|
-
|
-
|
phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting (XSS) sanitizer using the java…
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-23210
|
2025-02-4 07:15 |
2025-02-4 |
|
|
285
|
- |
|
-
|
-
|
Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based env…
New
|
CWE-284
Improper Access Control
|
CVE-2024-35177
|
2025-02-4 07:15 |
2025-02-4 |
|
|
286
|
- |
|
-
|
-
|
reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit `c28e5c8d` …
New
|
CWE-74
Injection
|
CVE-2025-24962
|
2025-02-4 06:15 |
2025-02-4 |
|
|
287
|
- |
|
-
|
-
|
org.gaul S3Proxy implements the S3 API and proxies requests. Users of the filesystem and filesystem-nio2 storage backends could unintentionally expose local files to users. This issue has been addres…
New
|
CWE-22
Path Traversal
|
CVE-2025-24961
|
2025-02-4 06:15 |
2025-02-4 |
|
|
288
|
- |
|
-
|
-
|
Jellystat is a free and open source Statistics App for Jellyfin. In affected versions Jellystat is directly using a user input in the route(s). This can lead to Path Traversal Vulnerabilities. Since …
New
|
CWE-22
Path Traversal
|
CVE-2025-24960
|
2025-02-4 06:15 |
2025-02-4 |
|
|
289
|
- |
|
-
|
-
|
reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or …
New
|
CWE-200
Information Exposure
|
CVE-2025-24899
|
2025-02-4 06:15 |
2025-02-4 |
|
|
290
|
- |
|
-
|
-
|
zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into `process.env`. This can lead to arbitrary command e…
New
|
CWE-94
Code Injection
|
CVE-2025-24959
|
2025-02-4 06:15 |
2025-02-4 |
|
|