2321
|
6.1 |
MEDIUM
Network
|
syspass
|
syspass
|
A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientCon…
|
CWE-79
Cross-site Scripting
|
CVE-2024-42904
|
2024-09-13 05:19 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2322
|
4.8 |
MEDIUM
Network
|
xibosignage
|
xibo
|
Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43413
|
2024-09-13 05:18 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2323
|
5.4 |
MEDIUM
Network
|
cloudcannon
|
pagefinder
|
Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking …
|
CWE-79
Cross-site Scripting
|
CVE-2024-45389
|
2024-09-13 05:17 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2324
|
- |
|
-
|
-
|
Rejected reason: DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2024-45593. Reason: This record is a reservation duplicate of CVE-2024-45593. Notes: All CVE users should reference CVE-2024-45593 instea…
|
-
|
CVE-2024-45845
|
2024-09-13 05:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2325
|
9.8 |
CRITICAL
Network
blakeembrey
|
template
|
@blakeembrey/template is a string template library. Prior to version 1.2.0, it is possible to inject and run code within the template if the attacker has access to write the template name. Version 1.…
|
CWE-94
Code Injection
|
CVE-2024-45390
|
2024-09-13 05:15 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2326
|
- |
|
-
|
-
|
A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler i…
|
CWE-364
Signal Handler Race Condition
|
CVE-2024-6409
|
2024-09-13 05:15 |
2024-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2327
|
- |
|
-
|
-
|
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such…
|
CWE-200
Information Exposure
|
CVE-2024-28834
|
2024-09-13 05:15 |
2024-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2328
|
9.8 |
CRITICAL
Network
fastcms_project
|
fastcms
|
A vulnerability was found in FastCMS 0.1.0. It has been classified as critical. Affected is an unknown function of the component Template Management. The manipulation leads to unrestricted upload. It…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2023-0651
|
2024-09-13 05:15 |
2023-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2329
|
7.5 |
HIGH
Network
tina
|
tina
|
Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search toke…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-45391
|
2024-09-13 05:13 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2330
|
4.2 |
MEDIUM
Physics
|
yubico
|
yubikey_5c_nfc_firmware yubikey_5_nfc_firmware yubikey_5c_firmware yubikey_5_nano_firmware yubikey_5c_nano_firmware yubikey_5ci_firmware yubikey_5_nfc_fips_firmware yubikey_5c_nf…
|
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive eq…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2024-45678
|
2024-09-13 05:07 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|