591
|
- |
|
-
|
-
|
Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set…
Update
|
-
|
CVE-2024-7594
|
2024-09-30 21:46 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
592
|
- |
|
-
|
-
|
Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of shields using version < `server-2024-09-25` are v…
Update
|
CWE-74
Injection
|
CVE-2024-47180
|
2024-09-30 21:46 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
593
|
- |
|
-
|
-
|
Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function.
Update
|
-
|
CVE-2024-46628
|
2024-09-30 21:46 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
594
|
- |
|
-
|
-
|
In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.
Update
|
-
|
CVE-2024-8118
|
2024-09-30 21:46 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
595
|
- |
|
-
|
-
|
Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload image files at attacker-chosen loca…
Update
|
CWE-35
Path Traversal: '.../...//'
|
CVE-2024-47171
|
2024-09-30 21:46 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
596
|
- |
|
-
|
-
|
Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chos…
Update
|
CWE-35
Path Traversal: '.../...//'
|
CVE-2024-47170
|
2024-09-30 21:46 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
597
|
- |
|
-
|
-
|
RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning, which could have lead to a full repository takeover. Downstream users …
Update
|
CWE-20
Improper Input Validation
|
CVE-2024-47179
|
2024-09-30 21:46 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
598
|
- |
|
-
|
-
|
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, `<nix/fetchurl.nix>` did not verify TLS certificates on HTTPS connections.…
Update
|
CWE-287
Improper Authentication
|
CVE-2024-47174
|
2024-09-30 21:46 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
599
|
- |
|
-
|
-
|
Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen …
Update
|
CWE-434 CWE-35
Unrestricted Upload of File with Dangerous Type Path Traversal: '.../...//'
|
CVE-2024-47169
|
2024-09-30 21:46 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
600
|
- |
|
-
|
-
|
The goTenna Pro series allows unauthenticated attackers to remotely update the local public keys used for P2P and Group messages.
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-47130
|
2024-09-30 21:46 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|