521
|
7.5 |
HIGH
Network
hexo
|
hexo
|
Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability.
Update
|
NVD-CWE-noinfo
|
CVE-2023-39584
|
2024-09-27 03:35 |
2023-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
522
|
7.5 |
HIGH
Network
buffalo
|
terastation_nas_5410r_firmware
|
An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest account function.
Update
|
NVD-CWE-noinfo
|
CVE-2023-39620
|
2024-09-27 03:35 |
2023-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
523
|
9.8 |
CRITICAL
Network
trendylogics
|
crypto_currency_tracker
|
Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request.
Update
|
NVD-CWE-Other
|
CVE-2023-37759
|
2024-09-27 03:35 |
2023-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
524
|
5.4 |
MEDIUM
Network
|
muffingroup
|
betheme
|
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 27.5.5 due to insufficient input sanitization and output escapi…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-5567
|
2024-09-27 03:27 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
525
|
- |
|
-
|
-
|
Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload image files at attacker-chosen loca…
New
|
CWE-35
Path Traversal: '.../...//'
|
CVE-2024-47171
|
2024-09-27 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
526
|
- |
|
-
|
-
|
Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chos…
New
|
CWE-35
Path Traversal: '.../...//'
|
CVE-2024-47170
|
2024-09-27 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
527
|
- |
|
-
|
-
|
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, `<nix/fetchurl.nix>` did not verify TLS certificates on HTTPS connections.…
New
|
CWE-287
Improper Authentication
|
CVE-2024-47174
|
2024-09-27 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
528
|
- |
|
-
|
-
|
Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen …
New
|
CWE-434 CWE-35
Unrestricted Upload of File with Dangerous Type Path Traversal: '.../...//'
|
CVE-2024-47169
|
2024-09-27 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
529
|
- |
|
-
|
-
|
The goTenna Pro series allows unauthenticated attackers to remotely update the local public keys used for P2P and Group messages.
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-47130
|
2024-09-27 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
530
|
- |
|
-
|
-
|
The goTenna Pro has a payload length vulnerability that makes it possible to tell the length of the payload regardless of the encryption used.
New
|
CWE-204
Response Discrepancy Information Exposure
|
CVE-2024-47129
|
2024-09-27 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|