971
|
- |
|
-
|
-
|
Vite is a frontend tooling framework for JavaScript. Vite allowed any website to send any requests to the development server and read the response due to default CORS settings and lack of validation…
|
CWE-346 CWE-350 CWE-1385
Origin Validation Error; Reliance on Reverse DNS Resolution for a Security-Critical Action; Missing Origin Validation in WebSockets
|
CVE-2025-24010
|
2025-01-21 01:15 |
2025-01-21 |
|
|
972
|
- |
|
-
|
-
|
PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the …
|
CWE-352
Origin Validation Error
|
CVE-2025-23044
|
2025-01-21 01:15 |
2025-01-21 |
|
|
973
|
- |
|
-
|
-
|
gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them ap…
|
CWE-281 CWE-687
Improper Preservation of Permissions; Function Call With Incorrectly Specified Argument Value
|
CVE-2025-22620
|
2025-01-21 01:15 |
2025-01-21 |
|
|
974
|
- |
|
-
|
-
|
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Cross-Site Scripting (XSS) vulnerability in the code which translates the XLSX file into a HTML representation and displays …
|
CWE-79
Cross-site Scripting
|
CVE-2025-22131
|
2025-01-21 01:15 |
2025-01-21 |
|
|
975
|
- |
|
-
|
-
|
Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack,…
|
CWE-476 CWE-305 CWE-841
NULL Pointer Dereference; Authentication Bypass by Primary Weakness; Improper Enforcement of Behavioral Workflow
|
CVE-2024-51738
|
2025-01-21 01:15 |
2025-01-21 |
|
|
976
|
5.6 |
MEDIUM
Network
|
-
|
-
|
IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow an unverified user to change the password of an expired user without pri…
|
CWE-620
Unverified Password Change
|
CVE-2024-45647
|
2025-01-21 00:15 |
2025-01-21 |
|
|
977
|
- |
|
-
|
-
|
WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini.
|
-
|
CVE-2025-24337
|
2025-01-20 23:15 |
2025-01-20 |
|
|
978
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period
io_eventfd_do_signal() is invoked from an RCU callback, bu…
|
-
|
CVE-2025-21655
|
2025-01-20 23:15 |
2025-01-20 |
|
|
979
|
- |
|
-
|
-
|
This vulnerability exists in the CP Plus Router due to insecure handling of cookie flags used within its web interface. A remote attacker could exploit this vulnerability by intercepting data transmi…
|
CWE-1004 CWE-614
Sensitive Cookie Without 'HttpOnly' Flag; Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
|
CVE-2025-0479
|
2025-01-20 21:15 |
2025-01-20 |
|
|
980
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: adapt set backend to use GC transaction API
Use the GC transaction API to replace the old and buggy gc API …
|
-
|
CVE-2023-52923
|
2025-01-20 20:15 |
2025-01-20 |
|
|