1981
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to modify protected parts of the file system.
|
NVD-CWE-noinfo
|
CVE-2024-40843
|
2024-09-25 00:02 |
2024-09-17 |
|
1982
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.
|
NVD-CWE-noinfo
|
CVE-2024-40842
|
2024-09-24 23:56 |
2024-09-17 |
|
1983
|
7.5 |
HIGH
Network
|
apple
|
macos
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2024-40770
|
2024-09-24 23:55 |
2024-09-17 |
|
|
1984
|
4.3 |
MEDIUM
Adjacent
|
google
|
nearby
|
There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally in Quick Share Windows app we can't send a file without the us…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2024-38272
|
2024-09-24 23:34 |
2024-06-27 |
|
1985
|
8.8 |
HIGH
Network
|
mintplexlabs
|
anythingllm
|
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded li…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-3149
|
2024-09-24 23:19 |
2024-06-7 |
|
1986
|
6.5 |
MEDIUM
Network
|
gaizhenbiao
|
chuanhuchatgpt
|
In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypas…
|
CWE-284
Improper Access Control
|
CVE-2024-3404
|
2024-09-24 23:11 |
2024-06-7 |
|
1987
|
9.8 |
CRITICAL
Network
|
gaizhenbiao
|
chuanhuchatgpt
|
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources wi…
|
CWE-22
Path Traversal
|
CVE-2024-3234
|
2024-09-24 23:09 |
2024-06-7 |
|
|
1988
|
8.6 |
HIGH
Network
|
zylon
|
privategpt
|
A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could res…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-5186
|
2024-09-24 23:04 |
2024-06-7 |
|
|
1989
|
5.4 |
MEDIUM
Network
|
gaizhenbiao
|
chuanhuchatgpt
|
A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input va…
|
CWE-79
Cross-site Scripting
|
CVE-2024-3402
|
2024-09-24 23:04 |
2024-06-7 |
|
1990
|
6.3 |
MEDIUM
Network
|
kanboard
|
kanboard
|
Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-36399
|
2024-09-24 22:59 |
2024-06-7 |
|