61
|
- |
|
-
|
-
|
A vulnerability was found in Jinan Chicheng Company JFlow 2.0.0. It has been rated as problematic. This issue affects the function AttachmentUploadController of the file /WF/Ath/EntityMutliFile_Load.…
New
|
CWE-284
Improper Access Control
|
CVE-2024-9003
|
2024-09-20 06:15 |
2024-09-20 |
|
|
62
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
New
|
CWE-787
Out-of-bounds Write
|
CVE-2024-43496
|
2024-09-20 06:15 |
2024-09-20 |
|
|
63
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
New
|
CWE-843
Type Confusion
|
CVE-2024-43489
|
2024-09-20 06:15 |
2024-09-20 |
|
|
64
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-38221
|
2024-09-20 06:15 |
2024-09-20 |
|
|
65
|
7.8 |
HIGH
Local
|
acronis
|
cyber_protect_home_office
|
Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278.
Update
|
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
|
CVE-2022-46869
|
2024-09-20 06:15 |
2023-09-1 |
|
|
66
|
5.5 |
MEDIUM
Local
|
ibm
|
cloud_pak_for_security qradar_suite
|
IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local use…
Update
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-25023
|
2024-09-20 06:14 |
2024-07-10 |
|
|
67
|
9.8 |
CRITICAL
Network
|
pluck-cms
|
pluck
|
Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack.
Update
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2024-43042
|
2024-09-20 06:01 |
2024-08-17 |
|
|
|
68
|
8.8 |
HIGH
Network
|
churchcrm
|
churchcrm
|
ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to an improper sanitization of user input. Authen…
Update
|
CWE-89
SQL Injection
|
CVE-2024-39304
|
2024-09-20 05:59 |
2024-07-27 |
|
|
69
|
8.8 |
HIGH
Network
|
nuxt
|
nuxt
|
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the `path` parameter in the NuxtTestComponentWrapper, an…
Update
|
CWE-94
Code Injection
|
CVE-2024-34344
|
2024-09-20 05:58 |
2024-08-6 |
|
|
70
|
7.5 |
HIGH
Network
|
nuxt
|
nuxt
|
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. `nuxt/icon` provides an API to allow client side icon lookup. This endpoint is at `/api/_nuxt_…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-42352
|
2024-09-20 05:55 |
2024-08-6 |
|
|
|