|
1091
|
- |
|
-
|
-
|
In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use o…
New
|
CWE-834
Excessive Iteration
|
CVE-2024-8049
|
2024-11-14 02:01 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1092
|
- |
|
-
|
-
|
In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this informat…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-7295
|
2024-11-14 02:01 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1093
|
- |
|
-
|
-
|
FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerabilit…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-52306
|
2024-11-14 02:01 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1094
|
- |
|
-
|
-
|
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account wi…
New
|
CWE-616
CWE-692
Incomplete Denylist to Cross-Site Scripting
|
CVE-2024-52305
|
2024-11-14 02:01 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1095
|
- |
|
-
|
-
|
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact…
New
|
CWE-80
Basic XSS
|
CVE-2024-52300
|
2024-11-14 02:01 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1096
|
- |
|
-
|
-
|
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki as the "key" that is passed to pr…
New
|
CWE-340
Generation of Predictable Numbers or Identifiers
|
CVE-2024-52299
|
2024-11-14 02:01 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1097
|
- |
|
-
|
-
|
DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge jwt and take over services. The JWT secret is hardcoded in the code, and the UID and O…
New
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-52295
|
2024-11-14 02:01 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1098
|
- |
|
-
|
-
|
Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via tw…
New
|
CWE-22
Path Traversal
|
CVE-2024-52293
|
2024-11-14 02:01 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1099
|
- |
|
-
|
-
|
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker…
New
|
CWE-615
|
CVE-2024-52298
|
2024-11-14 02:01 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1100
|
- |
|
-
|
-
|
In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability.
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-10013
|
2024-11-14 02:01 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
