251
|
- |
|
-
|
-
|
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX fil…
|
CWE-918, CWE-36
Server-Side Request Forgery (SSRF), Absolute Path Traversal
|
CVE-2024-45290
|
2024-10-10 21:57 |
2024-10-8 |
|
|
252
|
- |
|
-
|
-
|
Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, catego…
|
CWE-287
Improper Authentication
|
CVE-2024-45051
|
2024-10-10 21:57 |
2024-10-8 |
|
|
253
|
- |
|
-
|
-
|
Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2024-43789
|
2024-10-10 21:57 |
2024-10-8 |
|
|
254
|
- |
|
-
|
-
|
Cacti is an open source performance and fault management framework. The `consolenewsection` parameter is not properly sanitized when saving external links in links.php. Moreover, the said consolenewse…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43365
|
2024-10-10 21:57 |
2024-10-8 |
|
|
255
|
- |
|
-
|
-
|
Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php. Moreover, the said title parameter is stor…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43364
|
2024-10-10 21:57 |
2024-10-8 |
|
|
256
|
- |
|
-
|
-
|
Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing PHP code and repeat the installation process (completing onl…
|
CWE-94
Code Injection
|
CVE-2024-43363
|
2024-10-10 21:57 |
2024-10-8 |
|
|
257
|
- |
|
-
|
-
|
Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access.
|
-
|
CVE-2024-47976
|
2024-10-10 21:57 |
2024-10-8 |
|
|
258
|
- |
|
-
|
-
|
Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially control the performance of the resource.
|
-
|
CVE-2024-47972
|
2024-10-10 21:57 |
2024-10-8 |
|
|
259
|
- |
|
-
|
-
|
Improper error handling in firmware of some SSD DC Products may allow an attacker to enable denial of service.
|
-
|
CVE-2024-47971
|
2024-10-10 21:57 |
2024-10-8 |
|
|
260
|
- |
|
-
|
-
|
Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmware implementation for the broader projec…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2024-47079
|
2024-10-10 21:57 |
2024-10-8 |
|
|