|
951
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw a…
Update
|
CWE-59
Link Following
|
CVE-2024-9341
|
2024-10-31 14:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
952
|
- |
|
-
|
-
|
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, …
Update
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2024-3727
|
2024-10-31 14:15 |
2024-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
953
|
7.5 |
HIGH
Network
automaticsystems
|
soc_fl9600_firstlane_firmware
|
Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information via csvServer.php?file= with a .. in the dir parameter.
Update
|
CWE-22
Path Traversal
|
CVE-2023-37607
|
2024-10-31 13:15 |
2024-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
954
|
7.5 |
HIGH
Network
automaticsystems
|
soc_fl9600_firstlane_firmware
|
An issue in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its…
Update
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2023-37608
|
2024-10-31 13:15 |
2024-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
955
|
9.8 |
CRITICAL
Network
swoopnow
|
1-click_login\
|
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless Authentication allows Authentication Bypass.This issue affects 1-Click Login: Passwordless Authentication:…
Update
|
CWE-287
Improper Authentication
|
CVE-2024-50478
|
2024-10-31 10:44 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
956
|
5.4 |
MEDIUM
Network
|
amilia
|
store
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Drapeau Amilia Store allows Stored XSS.This issue affects Amilia Store: from n/a th…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-50472
|
2024-10-31 10:42 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
957
|
5.4 |
MEDIUM
Network
|
checklist
|
trip_plan
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Checklist Trip Plan allows Stored XSS.This issue affects Trip Plan: from n/a through 1.0.1…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-50471
|
2024-10-31 10:37 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
958
|
5.4 |
MEDIUM
Network
|
themes4wp
|
youtube_external_subtitles
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themes4WP Themes4WP YouTube External Subtitles allows Stored XSS.This issue affects Themes…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-50470
|
2024-10-31 10:30 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
959
|
6.5 |
MEDIUM
Network
|
squirrly
|
premium_seo_pack
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP SEO – Calin Vingan Premium SEO Pack allows SQL Injection.This issue affects Premium SEO Pack: …
Update
|
CWE-89
SQL Injection
|
CVE-2024-50465
|
2024-10-31 10:27 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
960
|
8.8 |
HIGH
Network
|
projectworlds
|
online_time_table_generator
|
A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashbo…
Update
|
CWE-89
SQL Injection
|
CVE-2024-10447
|
2024-10-31 10:23 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
