|
2441
|
4.3 |
MEDIUM
Adjacent
|
google
|
nearby
|
There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally in Quick Share Windows app we can't send a file without the us…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2024-38272
|
2024-09-24 23:34 |
2024-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2442
|
8.8 |
HIGH
Network
|
mintplexlabs
|
anythingllm
|
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded li…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-3149
|
2024-09-24 23:19 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2443
|
6.5 |
MEDIUM
Network
|
gaizhenbiao
|
chuanhuchatgpt
|
In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypas…
|
CWE-284
Improper Access Control
|
CVE-2024-3404
|
2024-09-24 23:11 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2444
|
9.8 |
CRITICAL
Network
gaizhenbiao
|
chuanhuchatgpt
|
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources wi…
|
CWE-22
Path Traversal
|
CVE-2024-3234
|
2024-09-24 23:09 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2445
|
8.6 |
HIGH
Network
zylon
|
privategpt
|
A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could res…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-5186
|
2024-09-24 23:04 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2446
|
5.4 |
MEDIUM
Network
|
gaizhenbiao
|
chuanhuchatgpt
|
A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input va…
|
CWE-79
Cross-site Scripting
|
CVE-2024-3402
|
2024-09-24 23:04 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2447
|
6.3 |
MEDIUM
Network
|
kanboard
|
kanboard
|
Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-36399
|
2024-09-24 22:59 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2448
|
7.8 |
HIGH
Local
|
a10networks
|
advanced_core_operating_system
|
A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-30369
|
2024-09-24 22:55 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2449
|
8.8 |
HIGH
Network
|
a10networks
|
advanced_core_operating_system
|
A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of A10 Thunder ADC…
|
CWE-77
Command Injection
|
CVE-2024-30368
|
2024-09-24 22:54 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2450
|
8.8 |
HIGH
Network
|
agpt
|
autogpt
|
A Cross-Site Request Forgery (CSRF) vulnerability in significant-gravitas/autogpt version v0.5.0 allows attackers to execute arbitrary commands on the AutoGPT server. The vulnerability stems from the…
|
CWE-352
Origin Validation Error
|
CVE-2024-1879
|
2024-09-24 22:54 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
