1971
|
- |
|
-
|
-
|
spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the sa…
|
CWE-269
Improper Privilege Management
|
CVE-2024-46989
|
2024-09-20 21:30 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1972
|
- |
|
-
|
-
|
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get access to notification filters of any user by using a URL such as `<hostn…
|
CWE-200 CWE-359
Information Exposure Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2024-46979
|
2024-09-20 21:30 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1973
|
- |
|
-
|
-
|
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user,…
|
CWE-648
Incorrect Use of Privileged APIs
|
CVE-2024-46978
|
2024-09-20 21:30 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1974
|
- |
|
-
|
-
|
Mesop is a Python-based UI framework designed for rapid web apps development. A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the s…
|
-
|
CVE-2024-45601
|
2024-09-20 21:30 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1975
|
- |
|
-
|
-
|
**UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without using any password. NOTE: This vulne…
|
-
|
CVE-2024-34399
|
2024-09-20 21:30 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1976
|
- |
|
-
|
-
|
Victure PC420 1.1.39 was discovered to use a weak and partially hardcoded key to encrypt data.
|
-
|
CVE-2023-41611
|
2024-09-20 21:30 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1977
|
- |
|
-
|
-
|
Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext.
|
-
|
CVE-2023-41610
|
2024-09-20 21:30 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1978
|
- |
|
-
|
-
|
Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default `0.0.0.0` filter a user may bypass this block by using …
|
CWE-284
Improper Access Control
|
CVE-2024-46990
|
2024-09-20 21:30 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1979
|
- |
|
-
|
-
|
find-my-way is a fast, open source HTTP router, internally using a Radix Tree (aka compact Prefix Tree), supports route params, wildcards, and it's framework independent. A bad regular expression is …
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2024-45813
|
2024-09-20 21:30 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1980
|
- |
|
-
|
-
|
exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.
|
-
|
CVE-2023-47105
|
2024-09-20 21:30 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|