491
|
- |
|
-
|
-
|
An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `…
New
|
CWE-284
Improper Access Control
|
CVE-2021-3987
|
2024-11-15 22:58 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
492
|
- |
|
-
|
-
|
A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of …
New
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2021-3986
|
2024-11-15 22:58 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
493
|
- |
|
-
|
-
|
An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versio…
New
|
CWE-611
XXE
|
CVE-2021-3902
|
2024-11-15 22:58 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
494
|
- |
|
-
|
-
|
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that…
New
|
-
|
CVE-2021-3841
|
2024-11-15 22:58 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
495
|
- |
|
-
|
-
|
DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files o…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-3838
|
2024-11-15 22:58 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
496
|
- |
|
-
|
-
|
A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a …
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-3742
|
2024-11-15 22:58 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
497
|
- |
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malic…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-3741
|
2024-11-15 22:58 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
498
|
- |
|
-
|
-
|
A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. The application does not invalidate existing sessions on other devices when a user changes their password, allowi…
New
|
CWE-384
Session Fixation
|
CVE-2021-3740
|
2024-11-15 22:58 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
499
|
8.0 |
HIGH
Network
|
-
|
-
|
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, …
New
|
CWE-200
Information Exposure
|
CVE-2024-8979
|
2024-11-15 22:58 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
500
|
5.7 |
MEDIUM
Network
|
-
|
-
|
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, …
New
|
-
|
CVE-2024-8978
|
2024-11-15 22:58 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|