881 | 4.3 | MEDIUM Network | gitlab | gitlab | An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leaks cross site cookies on redirect during authorization. | NVD-CWE-Other | CVE-2023-1401 | 2024-10-9 04:38 | 2023-07-26
882 | - | | - | - | OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint. | - | CVE-2024-45933 | 2024-10-9 04:35 | 2024-10-8
883 | - | | - | - | TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url. | - | CVE-2024-46325 | 2024-10-9 04:35 | 2024-10-7
884 | 5.3 | MEDIUM Network | pete4abw | lzma_software_development_kit | lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c. | NVD-CWE-Other | CVE-2023-39743 | 2024-10-9 04:35 | 2023-08-18
885 | 5.3 | MEDIUM Network | jenkins | gogs | The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output. | NVD-CWE-noinfo | CVE-2023-40348 | 2024-10-9 04:35 | 2023-08-17
886 | 8.8 | HIGH Network | google fedoraproject debian | chrome fedora debian_linux | Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severi… | CWE-787 Out-of-bounds Write | CVE-2023-1812 | 2024-10-9 04:35 | 2023-04-5
887 | 8.8 | HIGH Network | google fedoraproject debian | chrome fedora debian_linux | Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a craft… | CWE-416 Use After Free | CVE-2023-1811 | 2024-10-9 04:35 | 2023-04-5
888 | 8.8 | HIGH Network | google fedoraproject debian | chrome fedora debian_linux | Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pa… | CWE-787 Out-of-bounds Write | CVE-2023-1810 | 2024-10-9 04:35 | 2023-04-5
889 | 8.8 | HIGH Network | google fedoraproject | chrome fedora | Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.… | CWE-125 Out-of-bounds Read | CVE-2023-1534 | 2024-10-9 04:35 | 2023-03-22
890 | 4.3 | MEDIUM Network | gitlab | gitlab | A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue descr… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2023-0921 | 2024-10-9 04:23 | 2023-06-7