1081 | 6.1 | MEDIUM Network | rollupjs | rollup | Rollup is a module bundler for JavaScript. Versions prior to 3.29.5 and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `impor… | CWE-79 Cross-site Scripting | CVE-2024-47068 | 2024-10-1 02:39 | 2024-09-24
1082 | 7.5 | HIGH Network | linuxptp_project | linuxptp | An issue in IEEE 802.1AS linuxptp v.4.2 and before allows a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function. | NVD-CWE-noinfo | CVE-2024-42861 | 2024-10-1 02:35 | 2024-09-24
1083 | 6.1 | MEDIUM Network | flowiseai | embed flowise | Flowise < 2.1.1 suffers from a Stored Cross-Site Scripting vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0. | CWE-79 Cross-site Scripting | CVE-2024-9148 | 2024-10-1 02:34 | 2024-09-25
1084 | 7.5 | HIGH Network | thecosy | icecms | An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/C… | NVD-CWE-noinfo | CVE-2024-46610 | 2024-10-1 01:30 | 2024-09-25
1085 | - | | - | - | System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admi… | - | CVE-2024-3165 | 2024-10-1 01:15 | 2024-04-2
1086 | - | | - | - | In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS Admi… | - | CVE-2024-3164 | 2024-10-1 01:15 | 2024-04-2
1087 | 6.1 | MEDIUM Network | dotcms | dotcms | In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is h… | CWE-79 Cross-site Scripting | CVE-2023-3042 | 2024-10-1 01:15 | 2023-10-18
1088 | 7.1 | HIGH Local | artifex debian | ghostscript debian_linux | A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF fil… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2020-27792 | 2024-10-1 01:15 | 2022-08-20
1089 | 5.4 | MEDIUM Network | concretecms | concrete_cms | Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. Users … | CWE-79 Cross-site Scripting | CVE-2024-7398 | 2024-10-1 01:12 | 2024-09-25
1090 | 4.8 | MEDIUM Network | concretecms | concrete_cms | Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete C… | CWE-79 Cross-site Scripting | CVE-2024-8291 | 2024-10-1 00:59 | 2024-09-25