51
|
- |
|
-
|
-
|
An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal.
New
|
-
|
CVE-2024-46212
|
2024-10-17 06:15 |
2024-10-17 |
|
|
52
|
- |
|
-
|
-
|
A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts.
New
|
-
|
CVE-2024-44762
|
2024-10-17 06:15 |
2024-10-17 |
|
|
53
|
- |
|
-
|
-
|
RDS Light is a simplified version of the Reflective Dialogue System (RDS), a self-reflecting AI framework. Versions prior to 1.1.0 contain a vulnerability that involves a lack of input validation wit…
New
|
CWE-20 CWE-74
Improper Input Validation Injection
|
CVE-2024-48918
|
2024-10-17 06:15 |
2024-10-17 |
|
|
54
|
- |
|
-
|
-
|
Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the…
New
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2024-47889
|
2024-10-17 06:15 |
2024-10-17 |
|
|
55
|
- |
|
-
|
-
|
Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the `plai…
New
|
-
|
CVE-2024-47888
|
2024-10-17 06:15 |
2024-10-17 |
|
|
56
|
- |
|
-
|
-
|
Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability…
New
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2024-47887
|
2024-10-17 06:15 |
2024-10-17 |
|
|
57
|
4.3 |
MEDIUM
Network
|
sap
|
fiori
|
The SAP Fiori app (My Overtime Request) - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to…
Update
|
CWE-862
Missing Authorization
|
CVE-2024-25643
|
2024-10-17 06:15 |
2024-02-13 |
|
|
58
|
4.8 |
MEDIUM
Network
|
esri
|
portal_for_arcgis
|
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-25702
|
2024-10-17 06:03 |
2024-10-5 |
|
|
59
|
4.8 |
MEDIUM
Network
|
esri
|
portal_for_arcgis
|
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Experience Builder versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-25701
|
2024-10-17 06:00 |
2024-10-5 |
|
|
60
|
4.8 |
MEDIUM
Network
|
esri
|
portal_for_arcgis
|
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise versions 10.8.1 – 10.9.1 that may allow a remote, authenticated attacker to create a crafted link that is sto…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-25694
|
2024-10-17 06:00 |
2024-10-5 |
|
|