421
|
- |
|
-
|
-
|
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-47951
|
2024-10-10 21:56 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
422
|
- |
|
-
|
-
|
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-47950
|
2024-10-10 21:56 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
423
|
- |
|
-
|
-
|
In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location
New
|
CWE-23
Relative Path Traversal
|
CVE-2024-47949
|
2024-10-10 21:56 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
424
|
- |
|
-
|
-
|
In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups
New
|
CWE-23
Relative Path Traversal
|
CVE-2024-47948
|
2024-10-10 21:56 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
425
|
- |
|
-
|
-
|
In JetBrains TeamCity before 2024.07.3 password could be exposed via Sonar runner REST API
New
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2024-47161
|
2024-10-10 21:56 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
426
|
- |
|
-
|
-
|
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to…
New
|
-
|
CVE-2024-45231
|
2024-10-10 21:56 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
427
|
- |
|
-
|
-
|
An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via ve…
New
|
-
|
CVE-2024-45230
|
2024-10-10 21:56 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
428
|
- |
|
-
|
-
|
A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. The vulnerability is present in the SetStationSettings function. The system directly invokes the system function to …
New
|
-
|
CVE-2024-45880
|
2024-10-10 21:56 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
429
|
- |
|
-
|
-
|
A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests.
New
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2024-45330
|
2024-10-10 21:56 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
430
|
- |
|
-
|
-
|
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below allows a remote authenticated attacker assigne…
New
|
CWE-200
Information Exposure
|
CVE-2024-33506
|
2024-10-10 21:56 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|