2151
|
6.5 |
MEDIUM
Network
|
acquia
|
mautic
|
Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.
Users could potentially access sensitive data such a…
|
CWE-276
Incorrect Default Permissions
|
CVE-2022-25776
|
2024-09-25 00:19 |
2024-09-19 |
2152
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to modify protected parts of the file system.
|
NVD-CWE-noinfo
|
CVE-2024-40843
|
2024-09-25 00:02 |
2024-09-17 |
2153
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.
|
NVD-CWE-noinfo
|
CVE-2024-40842
|
2024-09-24 23:56 |
2024-09-17 |
2154
|
7.5 |
HIGH
Network
|
apple
|
macos
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2024-40770
|
2024-09-24 23:55 |
2024-09-17 |
2155
|
4.3 |
MEDIUM
Adjacent
|
google
|
nearby
|
There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally in Quick Share Windows app we can't send a file without the us…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2024-38272
|
2024-09-24 23:34 |
2024-06-27 |
2156
|
8.8 |
HIGH
Network
|
mintplexlabs
|
anythingllm
|
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded li…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-3149
|
2024-09-24 23:19 |
2024-06-7 |
2157
|
6.5 |
MEDIUM
Network
|
gaizhenbiao
|
chuanhuchatgpt
|
In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypas…
|
CWE-284
Improper Access Control
|
CVE-2024-3404
|
2024-09-24 23:11 |
2024-06-7 |
2158
|
9.8 |
CRITICAL
Network
|
gaizhenbiao
|
chuanhuchatgpt
|
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources wi…
|
CWE-22
Path Traversal
|
CVE-2024-3234
|
2024-09-24 23:09 |
2024-06-7 |
2159
|
8.6 |
HIGH
Network
|
zylon
|
privategpt
|
A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could res…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-5186
|
2024-09-24 23:04 |
2024-06-7 |
2160
|
5.4 |
MEDIUM
Network
|
gaizhenbiao
|
chuanhuchatgpt
|
A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input va…
|
CWE-79
Cross-site Scripting
|
CVE-2024-3402
|
2024-09-24 23:04 |
2024-06-7 |