1961
|
8.8 |
HIGH
Network
|
frogcms_project
|
frogcms
|
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/delete/123
|
CWE-352
Origin Validation Error
|
CVE-2024-46086
|
2024-09-26 02:08 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1962
|
7.5 |
HIGH
Network
quinn_project
|
quinn
|
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to `accept()`, `retry()`, `refuse()`, or `ignore()` an `…
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2024-45311
|
2024-09-26 02:03 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1963
|
7.5 |
HIGH
Network
linlinjava
|
litemall
|
A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, and name parameters in AdminGoodscontroller.java.
|
CWE-89
SQL Injection
|
CVE-2024-46382
|
2024-09-26 01:56 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1964
|
8.8 |
HIGH
Network
|
frogcms_project
|
frogcms
|
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/?/user/add
|
CWE-352
Origin Validation Error
|
CVE-2024-46394
|
2024-09-26 01:55 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1965
|
7.3 |
HIGH
Local
|
pixlone
|
logiops
|
logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This al…
|
NVD-CWE-noinfo
|
CVE-2024-45752
|
2024-09-26 01:54 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1966
|
5.4 |
MEDIUM
Network
|
workdo
|
crmgo_saas
|
A vulnerability, which was classified as problematic, has been found in CodeCanyon CRMGo SaaS up to 7.2. This issue affects some unknown processing of the file /project/task/{task_id}/show. The manip…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9031
|
2024-09-26 01:52 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1967
|
3.3 |
LOW
Local
|
apple
|
macos
|
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15. A malicious app may be able to access notifications from the user's device.
|
NVD-CWE-noinfo
|
CVE-2024-40838
|
2024-09-26 01:46 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1968
|
6.5 |
MEDIUM
Network
|
zitadel
|
zitadel
|
Zitadel is an open source identity management platform. In Zitadel, even after an organization is deactivated, associated projects, respectively their applications remain active. Users across other o…
|
CWE-863
Incorrect Authorization
|
CVE-2024-47060
|
2024-09-26 01:43 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1969
|
8.8 |
HIGH
Network
|
code4recovery
|
12_step_meeting_list
|
Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List.This issue affects 12 Step Meeting List: from n/a through 3.14.28.
|
CWE-862
Missing Authorization
|
CVE-2024-22296
|
2024-09-26 01:36 |
2024-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1970
|
8.8 |
HIGH
Network
|
windriver
|
vxworks
|
An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute f…
|
CWE-22
Path Traversal
|
CVE-2023-38346
|
2024-09-26 01:35 |
2023-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|