1 | - | | - | - | A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. This vulnerability affects unknown code of the file /news-details.php of the component Comment Section.… | New | CWE-89 SQL Injection | CVE-2024-9008 | 2024-09-20 08:15 | 2024-09-20
2 | - | | - | - | A vulnerability classified as problematic has been found in jeanmarc77 123solar 1.8.4.5. This affects an unknown part of the file /detailed.php. The manipulation of the argument date1 leads to cross … | New | CWE-79 Cross-site Scripting | CVE-2024-9007 | 2024-09-20 08:15 | 2024-09-20
3 | - | | - | - | A vulnerability was found in jeanmarc77 123solar 1.8.4.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file config/config_invt1.php. The manipulation of … | New | - | CVE-2024-9006 | 2024-09-20 08:15 | 2024-09-20
4 | - | | - | - | A flaw was found in Envoy. It is possible to modify or manipulate headers from external clients when pass-through routes are used for the ingress gateway. This issue could allow a malicious user to f… | New | CWE-20 Improper Input Validation | CVE-2024-7207 | 2024-09-20 08:15 | 2024-09-20
5 | - | | - | - | The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons p… | New | CWE-611 XXE | CVE-2024-46984 | 2024-09-20 08:15 | 2024-09-20
6 | - | | - | - | sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous cla… | New | CWE-74 Injection | CVE-2024-46983 | 2024-09-20 08:15 | 2024-09-20
7 | - | | - | - | Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing an underscore version of the … | New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2024-45614 | 2024-09-20 08:15 | 2024-09-20
8 | - | | - | - | Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project. Dragonfly uses JWT … | New | CWE-321 Use of Hard-coded Cryptographic Key | CVE-2023-27584 | 2024-09-20 08:15 | 2024-09-20
9 | - | | - | - | Traefik is a golang, Cloud Native Application Proxy. When an HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the req… | New | CWE-345 Insufficient Verification of Data Authenticity; CWE-348 Use of Less Trusted Source | CVE-2024-45410 | 2024-09-20 08:15 | 2024-09-20
10 | 6.3 | MEDIUM Network | microsoft | edge_chromium | Microsoft Edge (HTML-based) Memory Corruption Vulnerability | Update | CWE-787 Out-of-bounds Write | CVE-2024-38207 | 2024-09-20 07:15 | 2024-08-24