2281
|
6.1 |
MEDIUM
Network
|
dedecms
|
dedecms
|
DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module.
|
CWE-79
Cross-site Scripting
|
CVE-2024-46372
|
2024-09-25 00:40 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2282
|
7.5 |
HIGH
Network
draytek
|
vigor3910_firmware
|
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a craft…
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-46590
|
2024-09-25 00:23 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2283
|
6.5 |
MEDIUM
Network
|
acquia
|
mautic
|
Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.
Users could potentially access sensitive data such a…
|
CWE-276
Incorrect Default Permissions
|
CVE-2022-25776
|
2024-09-25 00:19 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2284
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to modify protected parts of the file system.
|
NVD-CWE-noinfo
|
CVE-2024-40843
|
2024-09-25 00:02 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2285
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.
|
NVD-CWE-noinfo
|
CVE-2024-40842
|
2024-09-24 23:56 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2286
|
7.5 |
HIGH
Network
apple
|
macos
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2024-40770
|
2024-09-24 23:55 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2287
|
4.3 |
MEDIUM
Adjacent
|
google
|
nearby
|
There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally in Quick Share Windows app we can't send a file without the us…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2024-38272
|
2024-09-24 23:34 |
2024-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2288
|
8.8 |
HIGH
Network
|
mintplexlabs
|
anythingllm
|
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded li…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-3149
|
2024-09-24 23:19 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2289
|
6.5 |
MEDIUM
Network
|
gaizhenbiao
|
chuanhuchatgpt
|
In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypas…
|
CWE-284
Improper Access Control
|
CVE-2024-3404
|
2024-09-24 23:11 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2290
|
9.8 |
CRITICAL
Network
gaizhenbiao
|
chuanhuchatgpt
|
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources wi…
|
CWE-22
Path Traversal
|
CVE-2024-3234
|
2024-09-24 23:09 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|