151 | 6.1 | MEDIUM | Network | dedecms | dedecms | DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php. | CWE-79 Cross-site Scripting | CVE-2023-49492 | 2024-10-10 00:35 | 2023-12-8
152 | 7.5 | HIGH | Network | dallmann-consulting | open_charge_point_protocol | An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional,… | CWE-20 Improper Input Validation | CVE-2023-49958 | 2024-10-10 00:35 | 2023-12-7
153 | 8.8 | HIGH | Network | phpjabbers | appointment_scheduler | Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. | CWE-74 Injection | CVE-2023-48841 | 2024-10-10 00:35 | 2023-12-7
154 | 6.5 | MEDIUM | Network | docker | machine | Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (v… | NVD-CWE-Other | CVE-2023-40453 | 2024-10-10 00:35 | 2023-11-7
155 | 8.8 | HIGH | Network | apache | streampipes | A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges … | CWE-269 Improper Privilege Management | CVE-2023-31469 | 2024-10-10 00:35 | 2023-06-23
156 | 7.5 | HIGH | Network | apache | tomcat | A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for th… | NVD-CWE-noinfo | CVE-2023-34981 | 2024-10-10 00:35 | 2023-06-21
157 | 9.8 | CRITICAL | Network | apache | accumulo | Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo. This issue affects Apache Accumulo: 2.1.0. Accumulo 2.1.0 contains a defect in the user authentication process th… | CWE-287 Improper Authentication | CVE-2023-34340 | 2024-10-10 00:35 | 2023-06-21
158 | 5.5 | MEDIUM | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off. We might run into a SIE validity if gisa has been disabled e… | CWE-908 Use of Uninitialized Resource | CVE-2024-45005 | 2024-10-10 00:30 | 2024-09-5
159 | 6.5 | MEDIUM | Network | lunary | lunary | An improper access control vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, where an admin can update any organization user to the organization owner. This vulnerability a… | NVD-CWE-noinfo | CVE-2024-3504 | 2024-10-10 00:27 | 2024-06-7
160 | 7.2 | HIGH | Network | storeapps | smart_manager | The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users s… | CWE-89 SQL Injection | CVE-2024-0566 | 2024-10-10 00:23 | 2024-02-13