2461 | 9.8 | CRITICAL | Network | gaizhenbiao | chuanhuchatgpt | The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources wi… | CWE-22 Path Traversal | CVE-2024-3234 | 2024-09-24 23:09 | 2024-06-7
2462 | 8.6 | HIGH | Network | zylon | privategpt | A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could res… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2024-5186 | 2024-09-24 23:04 | 2024-06-7
2463 | 5.4 | MEDIUM | Network | gaizhenbiao | chuanhuchatgpt | A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input va… | CWE-79 Cross-site Scripting | CVE-2024-3402 | 2024-09-24 23:04 | 2024-06-7
2464 | 6.3 | MEDIUM | Network | kanboard | kanboard | Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to … | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2024-36399 | 2024-09-24 22:59 | 2024-06-7
2465 | 7.8 | HIGH | Local | a10networks | advanced_core_operating_system | A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2024-30369 | 2024-09-24 22:55 | 2024-06-7
2466 | 8.8 | HIGH | Network | a10networks | advanced_core_operating_system | A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of A10 Thunder ADC… | CWE-77 Command Injection | CVE-2024-30368 | 2024-09-24 22:54 | 2024-06-7
2467 | 8.8 | HIGH | Network | agpt | autogpt | A Cross-Site Request Forgery (CSRF) vulnerability in significant-gravitas/autogpt version v0.5.0 allows attackers to execute arbitrary commands on the AutoGPT server. The vulnerability stems from the… | CWE-352 Origin Validation Error | CVE-2024-1879 | 2024-09-24 22:54 | 2024-06-7
2468 | 8.1 | HIGH | Network | micropython | micropython | A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use … | CWE-416 Use After Free | CVE-2024-8947 | 2024-09-24 22:17 | 2024-09-18
2469 | 7.5 | HIGH | Network | micropython | micropython | A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipula… | CWE-787 Out-of-bounds Write | CVE-2024-8946 | 2024-09-24 22:11 | 2024-09-18
2470 | 7.8 | HIGH | Local | microsoft | visio office 365_apps office_long_term_servicing_channel | Microsoft Office Visio Remote Code Execution Vulnerability | NVD-CWE-noinfo | CVE-2024-38016 | 2024-09-24 20:11 | 2024-09-20