561
|
- |
|
-
|
-
|
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS, which i…
New
|
-
|
CVE-2024-46081
|
2024-10-2 05:35 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
562
|
- |
|
-
|
-
|
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via the Descricao parameter.
New
|
-
|
CVE-2024-46079
|
2024-10-2 05:35 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
563
|
- |
|
-
|
-
|
It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131,…
New
|
-
|
CVE-2024-9396
|
2024-10-2 05:35 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
564
|
4.6 |
MEDIUM
Physics
|
ibm
|
infosphere_information_server
|
IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727.
Update
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2024-37533
|
2024-10-2 05:35 |
2024-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
565
|
7.8 |
HIGH
Local
|
google
|
android
|
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges
Update
|
CWE-862
Missing Authorization
|
CVE-2023-38460
|
2024-10-2 05:35 |
2023-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
566
|
7.5 |
HIGH
Network
apache
|
apache-airflow-providers-apache-spark
|
Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to re…
Update
|
NVD-CWE-noinfo
|
CVE-2023-40272
|
2024-10-2 05:35 |
2023-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
567
|
8.8 |
HIGH
Network
|
google debian fedoraproject
|
chrome debian_linux fedora
|
Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security seve…
Update
|
NVD-CWE-noinfo
|
CVE-2023-4357
|
2024-10-2 05:35 |
2023-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
568
|
7.5 |
HIGH
Network
duckdb
|
duckdb
|
DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using `sniff_csv`, even with `enable_external_access=false`. This vulnerabilit…
Update
|
NVD-CWE-noinfo
|
CVE-2024-41672
|
2024-10-2 05:33 |
2024-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
569
|
9.8 |
CRITICAL
Network
tenda
|
o3_firmware
|
A vulnerability was found in Tenda O3 1.0.0.10(2478). It has been declared as critical. This vulnerability affects the function fromMacFilterSet of the file /goform/setMacFilter. The manipulation of …
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2024-7151
|
2024-10-2 05:28 |
2024-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
570
|
- |
|
-
|
-
|
A SQL Injection vulnerability was discovered in Cloudlog 2.6.15, specifically within the get_station_info()function located in the file /application/models/Oqrs_model.php. The vulnerability is exploi…
New
|
-
|
CVE-2024-45999
|
2024-10-2 05:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|