381
|
- |
|
-
|
-
|
A vulnerability was found in Jinan Chicheng Company JFlow 2.0.0. It has been rated as problematic. This issue affects the function AttachmentUploadController of the file /WF/Ath/EntityMutliFile_Load.…
|
CWE-284
Improper Access Control
|
CVE-2024-9003
|
2024-09-20 21:30 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
382
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
|
CWE-787
Out-of-bounds Write
|
CVE-2024-43496
|
2024-09-20 21:30 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
383
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
|
CWE-843
Type Confusion
|
CVE-2024-43489
|
2024-09-20 21:30 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
384
|
- |
|
-
|
-
|
Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing a underscore version of the …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-45614
|
2024-09-20 21:30 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
385
|
- |
|
-
|
-
|
Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the req…
|
CWE-345 CWE-348
Insufficient Verification of Data Authenticity Use of Less Trusted Source
|
CVE-2024-45410
|
2024-09-20 21:30 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
386
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
CWE-79
Cross-site Scripting
|
CVE-2024-38221
|
2024-09-20 21:30 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
387
|
- |
|
-
|
-
|
A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation o…
|
-
|
CVE-2024-9001
|
2024-09-20 21:30 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
388
|
- |
|
-
|
-
|
Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection.
|
-
|
CVE-2024-25673
|
2024-09-20 21:30 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
389
|
- |
|
-
|
-
|
In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2024-47162
|
2024-09-20 21:30 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
390
|
- |
|
-
|
-
|
In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible
|
-
|
CVE-2024-47160
|
2024-09-20 21:30 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|