2261
|
- |
|
-
|
-
|
This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the vi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-38380
|
2024-09-20 21:30 |
2024-09-18 |
|
|
2262
|
- |
|
-
|
-
|
A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-base…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2024-8939
|
2024-09-20 21:30 |
2024-09-18 |
|
|
2263
|
- |
|
-
|
-
|
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.
|
CWE-617
Reachable Assertion
|
CVE-2024-8768
|
2024-09-20 21:30 |
2024-09-18 |
|
|
2264
|
- |
|
-
|
-
|
Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete fil…
|
-
|
CVE-2021-27916
|
2024-09-20 21:30 |
2024-09-18 |
|
|
2265
|
- |
|
-
|
-
|
Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks.
|
-
|
CVE-2024-38860
|
2024-09-20 21:30 |
2024-09-17 |
|
|
2266
|
- |
|
-
|
-
|
Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register. This issue affects Houzez Login Register: from n/a through 3.2.5.
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2024-21743
|
2024-09-20 21:30 |
2024-09-17 |
|
|
2267
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, CWE-83 Improper Neutralization of Script in Attributes in a Web…
|
CWE-79 CWE-116
Cross-site Scripting Improper Encoding or Escaping of Output
|
CVE-2024-7873
|
2024-09-20 21:30 |
2024-09-17 |
|
|
2268
|
- |
|
-
|
-
|
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory
|
-
|
CVE-2024-46362
|
2024-09-20 21:30 |
2024-09-17 |
|
|
2269
|
- |
|
-
|
-
|
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename
|
-
|
CVE-2024-46085
|
2024-09-20 21:30 |
2024-09-17 |
|
|
2270
|
- |
|
-
|
-
|
On Windows systems, the Arc configuration files were found to be world-readable.
This can lead to information disclosure by local attackers, via exfiltration of sensitive data from configuration fil…
|
-
|
CVE-2023-5937
|
2024-09-20 21:15 |
2024-05-16 |
|
|