1. CVE-2024-56364 (New)
   CWE: CWE-79 Cross-site Scripting
   Published: 2024-12-24 01:15   Updated: 2024-12-24
   SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in 1.0.12 and ending in 1.1.13, when calling the extended toHTMLEx method, it is possible to execute arbitrary J…
2. CVE-2024-56201 (New)
   CWE: CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences
   Published: 2024-12-24 01:15   Updated: 2024-12-24
   Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, re…
3. CVE-2024-55947 (New)
   CWE: CWE-22 Path Traversal
   Published: 2024-12-24 01:15   Updated: 2024-12-24
   Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1.
4. CVE-2024-54148 (New)
   CWE: CWE-22 Path Traversal; CWE-61 UNIX Symbolic Link (Symlink) Following
   Published: 2024-12-24 01:15   Updated: 2024-12-24
   Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13…
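Entries 3 and 4 share one root cause: a file path derived from repository content (a path with `..` components, or a committed symlink pointing outside the repository) is written to without first checking where it actually lands on disk. The Go function below is an added illustration of the containment check such a server needs; it is not the Gogs code or its fix. The name `SafeRepoPath`, the helper `resolveExisting`, and the sample repository built in `main` are all constructed for this example. It rejects absolute paths, lexically escaping paths, symlinks that resolve outside the root, and dangling symlinks (which a later write would otherwise turn into a file at the attacker's chosen target, such as an `authorized_keys` file).

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when a path, after symlink resolution, does not
// stay inside the repository root.
var ErrOutsideRoot = errors.New("path escapes repository root")

// resolveExisting canonicalises the longest existing prefix of p with
// filepath.EvalSymlinks and returns it together with the not-yet-existing
// remainder, so that a symlink anywhere in the existing part is followed
// even when the final component is about to be created.
func resolveExisting(p string) (resolved, remainder string, err error) {
	cur := p
	var tail []string
	for {
		r, err := filepath.EvalSymlinks(cur)
		if err == nil {
			return r, filepath.Join(tail...), nil
		}
		if !errors.Is(err, os.ErrNotExist) {
			return "", "", err
		}
		// A dangling symlink exists as a link but cannot be followed; refuse it
		// rather than letting a later write create its target.
		if fi, lerr := os.Lstat(cur); lerr == nil && fi.Mode()&os.ModeSymlink != 0 {
			return "", "", fmt.Errorf("dangling symlink at %q", cur)
		}
		parent, base := filepath.Split(cur)
		parent = filepath.Clean(parent)
		if parent == cur { // reached the filesystem root without finding anything
			return "", "", err
		}
		tail = append([]string{base}, tail...)
		cur = parent
	}
}

// SafeRepoPath joins an attacker-influenced relative path (a file name taken
// from a commit, an upload form or a URL) onto root and returns its absolute,
// symlink-resolved location, or an error if the result would land outside root.
func SafeRepoPath(root, rel string) (string, error) {
	if rel == "" || filepath.IsAbs(rel) || filepath.Clean(rel) == "." {
		return "", fmt.Errorf("rejected path %q", rel)
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	realRoot, err := filepath.EvalSymlinks(absRoot)
	if err != nil {
		return "", err
	}
	// Lexical normalisation: Join turns "a/../../b" into a path outside root,
	// which the prefix check below catches. This alone is not enough, because a
	// symlink committed into the repository still points wherever it likes.
	candidate := filepath.Join(realRoot, rel)
	resolved, remainder, err := resolveExisting(candidate)
	if err != nil {
		return "", err
	}
	final := filepath.Join(resolved, remainder)
	if final != realRoot && !strings.HasPrefix(final, realRoot+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	return final, nil
}

func main() {
	// Constructed sample repository: one regular file and one symlink that
	// points at a location outside the repository.
	root, err := os.MkdirTemp("", "repo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	_ = os.WriteFile(filepath.Join(root, "README.md"), []byte("hi\n"), 0o644)
	_ = os.Symlink("/etc/passwd", filepath.Join(root, "link"))
	for _, rel := range []string{"README.md", "docs/new.txt", "../outside.txt", "link", "/etc/passwd"} {
		p, err := SafeRepoPath(root, rel)
		fmt.Printf("%-16s -> %q err=%v\n", rel, p, err)
	}
}
```

The check must run against the resolved location immediately before the write; resolving once, storing the result, and writing later reopens the window for a symlink swapped in between the two steps.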
5. CVE-2024-56326 (New)
   CWE: CWE-693 Protection Mechanism Failure; CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine
   Published: 2024-12-24 01:15   Updated: 2024-12-24
   Jinja is an extensible templating engine. Prior to 3.1.5, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to…
6. CVE-2024-53256 (New)
   CWE: CWE-78 OS Command Injection
   Published: 2024-12-24 01:15   Updated: 2024-12-24
   Rizin is a UNIX-like reverse engineering framework and command-line toolset. `rizin.c` still had an old snippet of code which suffered a command injection due to the use of `rz_core_cmdf` to invoke th…
7. CVE-2024-45387 (New)
   CWE: CWE-89 SQL Injection; CWE-285 Improper Authorization
   Published: 2024-12-24 01:15   Updated: 2024-12-24
   An SQL injection vulnerability in Traffic Ops in Apache Traffic Control 8.0.0 through 8.0.1 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute a…
8. CVE-2024-23945 (New)
   CWE: CWE-209 Information Exposure Through an Error Message
   Published: 2024-12-24 01:15   Updated: 2024-12-24
   Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying t…
9. CVE-2024-55539 (New)
   CWE: CWE-327 Use of a Broken or Risky Cryptographic Algorithm
   Published: 2024-12-23 23:15   Updated: 2024-12-23
   Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux) before build 39185.
10. CVE-2024-12903 (New)
    CWE: CWE-276 Incorrect Default Permissions
    Published: 2024-12-23 22:15   Updated: 2024-12-23
    Incorrect default permissions vulnerability in Evoko Home, affecting versions 2.4.2 through 2.7.4. A non-admin user could exploit weak file and folder permissions to escalate privileges, execute arbitrary …