581 | - | | - | - | An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of au… | New | CWE-284 Improper Access Control | CVE-2024-7475 | 2024-10-29 23:35 | 2024-10-29
582 | - | | - | - | In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. A user can view or delete external users by manipulating the 'id' parameter in the request URL. … | New | CWE-284 Improper Access Control | CVE-2024-7474 | 2024-10-29 23:35 | 2024-10-29
583 | - | | - | - | A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, direct… | New | CWE-22 Path Traversal | CVE-2024-5982 | 2024-10-29 23:35 | 2024-10-29
584 | - | | - | - | Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks. This vulnerability affects F… | New | - | CVE-2024-10474 | 2024-10-29 23:35 | 2024-10-29
585 | - | | - | - | In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affe… | New | - | CVE-2024-10461 | 2024-10-29 23:35 | 2024-10-29
586 | - | | - | - | Incorrect access control in the fingerprint authentication mechanism of Phone Cleaner: Boost & Clean v2.2.0 allows attackers to bypass fingerprint authentication due to the use of a deprecated API. | Update | - | CVE-2024-31682 | 2024-10-29 23:35 | 2024-06-4
587 | 4.7 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock. A crash occurs when smc_cdc_tx_handler() tries to access smc_sock but smc_re… | Update | CWE-362 Race Condition | CVE-2021-46925 | 2024-10-29 23:35 | 2024-02-27
588 | 5.5 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback. Current code blindly writes over the SWERR and the OVERFLOW bi… | Update | NVD-CWE-noinfo | CVE-2021-46920 | 2024-10-29 23:35 | 2024-02-27
589 | 4.4 | MEDIUM Local | hcltech | bigfix_patch_management | Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user. | Update | CWE-522 Insufficiently Protected Credentials | CVE-2022-42451 | 2024-10-29 23:35 | 2023-10-11
590 | 5.4 | MEDIUM Network | navblue | s.a.s_n-ops_\&_crew | NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting (XSS). | Update | CWE-79 Cross-site Scripting | CVE-2022-44349 | 2024-10-29 23:35 | 2023-09-1