| 2101 | - | - | - | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user,… | CWE-648 Incorrect Use of Privileged APIs | CVE-2024-46978 | 2024-09-20 21:30 | 2024-09-19 |
| 2102 | - | - | - | Victure PC420 1.1.39 was discovered to use a weak and partially hardcoded key to encrypt data. | - | CVE-2023-41611 | 2024-09-20 21:30 | 2024-09-19 |
| 2103 | - | - | - | Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext. | - | CVE-2023-41610 | 2024-09-20 21:30 | 2024-09-19 |
| 2104 | - | - | - | Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default `0.0.0.0` filter a user may bypass this block by using … | CWE-284 Improper Access Control | CVE-2024-46990 | 2024-09-20 21:30 | 2024-09-19 |
| 2105 | - | - | - | find-my-way is a fast, open source HTTP router, internally using a Radix Tree (aka compact Prefix Tree), supports route params, wildcards, and it's framework independent. A bad regular expression is … | CWE-1333 Inefficient Regular Expression Complexity | CVE-2024-45813 | 2024-09-20 21:30 | 2024-09-19 |
| 2106 | - | - | - | Wiki.js is an open source wiki app built on Node.js. A disabled user can still gain access to a wiki by abusing the password reset function. While setting up SMTP e-mails on my server, I tested said… | CWE-670 Always-Incorrect Control Flow Implementation | CVE-2024-45298 | 2024-09-20 21:30 | 2024-09-19 |
| 2107 | - | - | - | exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication. | - | CVE-2023-47105 | 2024-09-20 21:30 | 2024-09-19 |
| 2108 | - | - | - | Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability. | - | CVE-2022-25777 | 2024-09-20 21:30 | 2024-09-19 |
| 2109 | - | - | - | Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations. This issue affects Panel: before v2.3.24. | CWE-552 Files or Directories Accessible to External Parties | CVE-2024-6878 | 2024-09-20 21:30 | 2024-09-19 |
| 2110 | - | - | - | An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a malicious… | - | CVE-2024-45858 | 2024-09-20 21:30 | 2024-09-19 |