2041
|
6.1 |
MEDIUM
Network
|
nuxt
|
nuxt
|
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. The `navigateTo` function attempts to blockthe `javascript:` protocol, but does not correctly …
|
CWE-79
Cross-site Scripting
|
CVE-2024-34343
|
2024-09-20 04:57 |
2024-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2042
|
9.8 |
CRITICAL
Network
adobe google redhat suse opensuse
|
flash_player chrome enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_desktop enterprise_linux_eus linux_enterprise_desktop ope…
|
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute ar…
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2014-0497
|
2024-09-20 04:56 |
2014-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2043
|
8.1 |
HIGH
Network
|
yunknet
|
online_school_system
|
A vulnerability was found in ?????????? Yunke Online School System up to 1.5.5. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/educloud/videobind.html…
|
NVD-CWE-Other
|
CVE-2024-8417
|
2024-09-20 04:53 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2044
|
8.8 |
HIGH
Network
|
adobe suse opensuse redhat
|
flash_player adobe_air_sdk adobe_air linux_enterprise_desktop opensuse enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_deskto…
|
Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on…
|
CWE-415
Double Free
|
CVE-2014-0502
|
2024-09-20 04:53 |
2014-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2045
|
8.8 |
HIGH
Network
|
adobe suse opensuse redhat
|
flash_player linux_enterprise_desktop opensuse enterprise_linux_server_aus enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_eus
|
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and…
|
NVD-CWE-noinfo
|
CVE-2013-0648
|
2024-09-20 04:51 |
2013-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2046
|
8.8 |
HIGH
Network
|
adobe redhat suse opensuse
|
flash_player enterprise_linux_server_aus enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_eus linux_enterprise_desktop opensuse
|
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly rest…
|
NVD-CWE-noinfo
|
CVE-2013-0643
|
2024-09-20 04:48 |
2013-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2047
|
4.3 |
MEDIUM
Network
|
lunary
|
lunary
|
A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-6582
|
2024-09-20 04:45 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2048
|
8.8 |
HIGH
Network
|
thingsboard
|
thingsboard
|
ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent…
|
CWE-74
Injection
|
CVE-2023-45303
|
2024-09-20 04:35 |
2023-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2049
|
7.5 |
HIGH
Network
nasa
|
openmct
|
In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2023-45282
|
2024-09-20 04:35 |
2023-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2050
|
9.8 |
CRITICAL
Network
presto-changeo
|
attribute_grid
|
Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php.
|
CWE-89
SQL Injection
|
CVE-2023-43983
|
2024-09-20 04:35 |
2023-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|