1581
|
6.1 |
MEDIUM
Network
|
stormhillmedia
|
mybook_table_bookstore
|
Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore allows Cross-Site Scripting (XSS). This issue affects MyBookTable Bookstore: from n/a through 3.3.9.
|
CWE-352
Origin Validation Error
|
CVE-2024-43255
|
2024-09-18 03:08 |
2024-08-27 |
|
|
1582
|
9.6 |
CRITICAL
Network
|
joplin_project
|
joplin
|
Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "<" followed by a non letter character will not be considered html. As such it is possible to d…
|
CWE-79
Cross-site Scripting
|
CVE-2024-40643
|
2024-09-18 03:03 |
2024-09-10 |
|
|
1583
|
6.5 |
MEDIUM
Network
|
techexcel
|
back_office_software
|
This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. An authenticated remote attacker could exploit this vulne…
|
CWE-863
Incorrect Authorization
|
CVE-2024-8601
|
2024-09-18 02:54 |
2024-09-09 |
|
|
1584
|
7.1 |
HIGH
Local
|
microsoft
|
azure_network_watcher_agent
|
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
|
NVD-CWE-noinfo
|
CVE-2024-38188
|
2024-09-18 02:49 |
2024-09-11 |
|
|
1585
|
7.3 |
HIGH
Local
|
microsoft
|
azure_network_watcher_agent
|
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
|
NVD-CWE-noinfo
|
CVE-2024-43470
|
2024-09-18 02:35 |
2024-09-11 |
|
|
1586
|
9.8 |
CRITICAL
Network
|
extremenetworks
|
exos
|
An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via…
|
CWE-863
Incorrect Authorization
|
CVE-2023-43119
|
2024-09-18 02:35 |
2023-10-17 |
|
|
1587
|
8.8 |
HIGH
Network
|
extremenetworks
|
exos
|
An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request.
|
NVD-CWE-noinfo
|
CVE-2023-43120
|
2024-09-18 02:35 |
2023-10-17 |
|
|
1588
|
4.3 |
MEDIUM
Network
|
angularjs
|
angular.js
|
Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Cont…
|
NVD-CWE-Other
|
CVE-2024-8373
|
2024-09-18 02:32 |
2024-09-10 |
|
|
1589
|
3.1 |
LOW
Adjacent
|
rapid7
|
insight_platform
|
Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of…
|
CWE-862
Missing Authorization
|
CVE-2024-8042
|
2024-09-18 02:25 |
2024-09-10 |
|
|
1590
|
4.3 |
MEDIUM
Network
|
angularjs
|
angular.js
|
Improper sanitization of the value of the '[srcset]' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owa…
|
NVD-CWE-Other
|
CVE-2024-8372
|
2024-09-18 02:24 |
2024-09-10 |
|
|