| No. | CVSS | Severity | Attack vector | Vendor | Product | Description | Status | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 81 | - | - | - | - | - | Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure … | New | CWE-1004 (Sensitive Cookie Without 'HttpOnly' Flag), CWE-614 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute) | CVE-2024-47833 | 2024-10-10 04:15 | 2024-10-10 |
| 82 | - | - | - | - | - | ssoready is a single sign-on provider implemented via docker. Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certai… | New | CWE-347 (Improper Verification of Cryptographic Signature) | CVE-2024-47832 | 2024-10-10 04:15 | 2024-10-10 |
| 83 | - | - | - | - | - | ampache is a web-based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). Cross-Site Request Forgery (CSRF) is a… | New | - | CVE-2024-47828 | 2024-10-10 04:15 | 2024-10-10 |
| 84 | - | - | - | - | - | ImportDump is a MediaWiki extension designed to automate user import requests. A user's local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki h… | New | CWE-282 (Improper Ownership Management) | CVE-2024-47816 | 2024-10-10 04:15 | 2024-10-10 |
| 85 | - | - | - | - | - | IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. There are a variety of Cross-site Scripting issues, though all of them require elevated permis… | New | CWE-79 (Cross-site Scripting), CWE-80 (Basic XSS) | CVE-2024-47815 | 2024-10-10 04:15 | 2024-10-10 |
| 86 | - | - | - | - | - | ImportDump is an extension for MediaWiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS p… | New | CWE-79 (Cross-site Scripting), CWE-80 (Basic XSS) | CVE-2024-47812 | 2024-10-10 04:15 | 2024-10-10 |
| 87 | 6.1 | MEDIUM | Network | rockoa | xinhu | Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php component. | Update | CWE-79 (Cross-site Scripting) | CVE-2024-37624 | 2024-10-10 03:44 | 2024-06-17 |
| 88 | 9.8 | CRITICAL | Network | itsourcecode | online_book_store_project | A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file book.php. The manipulation of the argum… | Update | CWE-89 (SQL Injection) | CVE-2024-5984 | 2024-10-10 03:37 | 2024-06-14 |
| 89 | 9.1 | CRITICAL | Network | apache | inlong | Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong cou… | Update | CWE-552 (Files or Directories Accessible to External Parties) | CVE-2023-31066 | 2024-10-10 03:35 | 2023-05-23 |
| 90 | 9.1 | CRITICAL | Network | apache | inlong | Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. An old session can be used by an attacker even… | Update | CWE-613 (Insufficient Session Expiration) | CVE-2023-31065 | 2024-10-10 03:35 | 2023-05-23 |