951
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
Use After Free
|
CVE-2022-4916
|
2024-10-3 06:35 |
2023-07-29 |
|
|
952
|
4.9 |
MEDIUM
Network
|
geomatika
|
isigeo_web
|
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion.
|
NVD-CWE-Other
|
CVE-2023-23565
|
2024-10-3 05:35 |
2023-08-23 |
|
|
953
|
9.8 |
CRITICAL
Network
apache
|
inlong
|
Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7…
|
CWE-89
SQL Injection
|
CVE-2023-35088
|
2024-10-3 05:35 |
2023-07-25 |
|
|
|
954
|
9.8 |
CRITICAL
Network
apache
|
helix
|
An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLo…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2023-38647
|
2024-10-3 05:35 |
2023-07-26 |
|
|
|
955
|
9.8 |
CRITICAL
Network
apache
|
jackrabbit
|
Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMI. Versions up to (including) 2.20.10 (stable branch) and 2.21.17 (unst…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2023-37895
|
2024-10-3 05:35 |
2023-07-26 |
|
|
|
956
|
- |
|
-
|
-
|
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. …
|
CWE-1327
|
CVE-2024-47176
|
2024-10-3 05:15 |
2024-09-27 |
|
|
957
|
- |
|
-
|
-
|
RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning, which could have led to a full repository takeover. Downstream users …
|
CWE-20
Improper Input Validation
|
CVE-2024-47179
|
2024-10-3 05:15 |
2024-09-27 |
|
|
958
|
6.5 |
MEDIUM
Network
|
cisco
|
ios_xe ios
|
A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affec…
|
CWE-352
Origin Validation Error
|
CVE-2024-20414
|
2024-10-3 05:02 |
2024-09-26 |
|
|
959
|
7.2 |
HIGH
Network
|
prisna
|
google_website_translator
|
The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.11 via deserialization of untrusted input from the 'pri…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-8514
|
2024-10-3 04:59 |
2024-09-25 |
|
|
960
|
5.4 |
MEDIUM
Network
|
themexclub
|
oneelements
|
The OneElements – Best Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.7 due to insufficient input sa…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9068
|
2024-10-3 04:55 |
2024-09-25 |
|
|