41 | - | - | - | - | Ampache is a web-based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist etc.). Cross-Site Request Forgery (CSRF) is a… | New | - | CVE-2024-47828 | 2024-10-10 04:15 | 2024-10-10
42 | - | - | - | - | ImportDump is a MediaWiki extension designed to automate user import requests. A user's local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki h… | New | CWE-282 (Improper Ownership Management) | CVE-2024-47816 | 2024-10-10 04:15 | 2024-10-10
43 | - | - | - | - | IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. There are a variety of Cross-site Scripting issues, though all of them require elevated permis… | New | CWE-79 (Cross-site Scripting), CWE-80 (Basic XSS) | CVE-2024-47815 | 2024-10-10 04:15 | 2024-10-10
44 | - | - | - | - | ImportDump is an extension for MediaWiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS p… | New | CWE-79 (Cross-site Scripting), CWE-80 (Basic XSS) | CVE-2024-47812 | 2024-10-10 04:15 | 2024-10-10
45 | 8.1 | HIGH Network | - | - | A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for… | New | CWE-200 (Information Exposure) | CVE-2024-3656 | 2024-10-10 04:15 | 2024-10-10
46 | 6.1 | MEDIUM Network | rockoa | xinhu | Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php component. | Update | CWE-79 (Cross-site Scripting) | CVE-2024-37624 | 2024-10-10 03:44 | 2024-06-17
47 | 9.8 | CRITICAL Network | itsourcecode | online_book_store_project | A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file book.php. The manipulation of the argum… | Update | CWE-89 (SQL Injection) | CVE-2024-5984 | 2024-10-10 03:37 | 2024-06-14
48 | 9.1 | CRITICAL Network | apache | inlong | Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong cou… | Update | CWE-552 (Files or Directories Accessible to External Parties) | CVE-2023-31066 | 2024-10-10 03:35 | 2023-05-23
49 | 9.1 | CRITICAL Network | apache | inlong | Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. An old session can be used by an attacker even… | Update | CWE-613 (Insufficient Session Expiration) | CVE-2023-31065 | 2024-10-10 03:35 | 2023-05-23
50 | 7.5 | HIGH Network | apache | inlong | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any… | Update | CWE-732 (Incorrect Permission Assignment for Critical Resource) | CVE-2023-31454 | 2024-10-10 03:35 | 2023-05-22