381
|
- |
|
-
|
-
|
Confidant is a open source secret management service that provides user-friendly storage and access to secrets. The following endpoints are subject to a cross site scripting vulnerability: GET /v1/cr…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-45793
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
382
|
- |
|
-
|
-
|
Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding pa…
Update
|
CWE-89
SQL Injection
|
CVE-2024-47062
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
383
|
- |
|
-
|
-
|
Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM att…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-47061
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
384
|
- |
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Update
|
-
|
CVE-2024-46654
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
385
|
- |
|
-
|
-
|
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. An attacker can potentially replace the cont…
Update
|
CWE-200
Information Exposure
|
CVE-2024-42351
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
386
|
- |
|
-
|
-
|
Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations en…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-42346
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
387
|
- |
|
-
|
-
|
The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. Howeve…
Update
|
-
|
CVE-2024-45229
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
388
|
3.8 |
LOW
Local
|
-
|
-
|
A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_compl…
Update
|
CWE-200
Information Exposure
|
CVE-2024-8612
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
389
|
- |
|
-
|
-
|
Cross Site Scripting vulnerability in Leotheme Leo Product Search Module v.2.1.6 and earlier allows a remote attacker to execute arbitrary code via the q parameter of the product search function.
Update
|
-
|
CVE-2024-42697
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
390
|
- |
|
-
|
-
|
A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=update_accoun…
Update
|
-
|
CVE-2024-9041
|
2024-09-26 22:32 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|