1821
|
- |
|
-
|
-
|
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. An attacker can potentially replace the cont…
|
CWE-200
Information Exposure
|
CVE-2024-42351
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1822
|
- |
|
-
|
-
|
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations en…
|
CWE-79
Cross-site Scripting
|
CVE-2024-42346
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1823
|
3.8 |
LOW
Local
|
-
|
-
|
A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_compl…
|
CWE-200
Information Exposure
|
CVE-2024-8612
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1824
|
- |
|
-
|
-
|
Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM att…
|
CWE-79
Cross-site Scripting
|
CVE-2024-47061
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1825
|
- |
|
-
|
-
|
The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. Howeve…
|
-
|
CVE-2024-45229
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1826
|
- |
|
-
|
-
|
Cross Site Scripting vulnerability in Leotheme Leo Product Search Module v.2.1.6 and earlier allows a remote attacker to execute arbitrary code via the q parameter of the product search function.
|
-
|
CVE-2024-42697
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1827
|
- |
|
-
|
-
|
Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however (because of misconfigured Firebase ACLs), it is possible to cr…
|
-
|
CVE-2024-45489
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1828
|
- |
|
-
|
-
|
Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLog…
|
-
|
CVE-2024-37879
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1829
|
- |
|
-
|
-
|
An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local attacker to escalate privileges via the set*id () function.
|
-
|
CVE-2023-47480
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1830
|
- |
|
-
|
-
|
A vulnerability classified as critical has been found in Codezips Internal Marks Calculation 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument tid leads to …
|
CWE-89
SQL Injection
|
CVE-2024-9037
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|