|
191
|
- |
|
-
|
-
|
A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0. This issue affects the function upload of the file src/main/java/com/wdd/myblog/controller/admin/uploadControl…
New
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-13191
|
2025-01-9 08:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
192
|
- |
|
-
|
-
|
Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload…
New
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2025-22145
|
2025-01-9 06:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
193
|
- |
|
-
|
-
|
A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against …
New
|
-
|
CVE-2024-54010
|
2025-01-9 06:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
194
|
- |
|
-
|
-
|
SickChill is an automatic video library manager for TV shows. A user-controlled `login` endpoint's `next_` parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82,…
New
|
CWE-601
Open Redirect
|
CVE-2024-53995
|
2025-01-9 06:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
195
|
- |
|
-
|
-
|
Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux S…
New
|
-
|
CVE-2024-52869
|
2025-01-9 06:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196
|
- |
|
-
|
-
|
A vulnerability classified as critical was found in ZeroWdd myblog 1.0. This vulnerability affects unknown code of the file src/main/resources/mapper/BlogMapper.xml. The manipulation of the argument …
New
|
CWE-74
CWE-91
Injection
Blind XPath Injection
|
CVE-2024-13190
|
2025-01-9 06:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197
|
- |
|
-
|
-
|
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of…
New
|
CWE-862
Missing Authorization
|
CVE-2024-12431
|
2025-01-9 06:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198
|
- |
|
-
|
-
|
A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. This affects an unknown part of the file src/main/java/com/wdd/myblog/config/MyBlogMvcConfig.java. The manipulation leads …
New
|
-
|
CVE-2024-13189
|
2025-01-9 06:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199
|
- |
|
-
|
-
|
A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component TCC Handler. The manipu…
New
|
-
|
CVE-2024-13187
|
2025-01-9 06:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200
|
- |
|
-
|
-
|
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_permissoes.php endpoint of the WeGIA application. This vulnerabil…
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-22143
|
2025-01-9 05:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
