121
|
- |
|
-
|
-
|
AIML Chatbot 1.0 (fixed in 2.0) is vulnerable to Cross Site Scripting (XSS). The vulnerability is exploited through the message input field, where attackers can inject malicious HTML or JavaScript co…
Update
|
-
|
CVE-2024-48396
|
2024-10-31 05:35 |
2024-10-26 |
122
|
7.5 |
HIGH
Network
octavolabs
|
vernemq
|
A memory allocation issue in vernemq v2.0.1 allows attackers to cause a Denial of Service (DoS) via excessive memory consumption.
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-44459
|
2024-10-31 05:35 |
2024-09-13 |
123
|
- |
|
-
|
-
|
A cross-site scripting (XSS) vulnerability in the component /email/welcome.php of Mini Inventory and Sales Management System commit 18aa3d allows attackers to execute arbitrary web scripts or HTML vi…
Update
|
-
|
CVE-2024-42550
|
2024-10-31 05:35 |
2024-08-22 |
124
|
6.8 |
MEDIUM
Physical
|
gncchome
|
gncc_c2_firmware
|
Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port.
New
|
CWE-287
Improper Authentication
|
CVE-2024-31800
|
2024-10-31 05:35 |
2024-08-16 |
125
|
5.5 |
MEDIUM
Local
|
isellerpal
|
enterprise_resource_management_system
|
An issue in Huizhi enterprise resource management system v.1.0 and before allows a local attacker to obtain sensitive information via the /nssys/common/filehandle.Aspx component.
Update
|
NVD-CWE-noinfo
|
CVE-2024-42677
|
2024-10-31 05:35 |
2024-08-15 |
126
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTM…
Update
|
NVD-CWE-noinfo
|
CVE-2024-6999
|
2024-10-31 05:35 |
2024-08-07 |
127
|
8.1 |
HIGH
Network
|
mozilla
|
firefox
|
A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions.
*This issue only affects Android versions of Firefox.* Thi…
Update
|
NVD-CWE-Other
|
CVE-2024-7523
|
2024-10-31 05:35 |
2024-08-06 |
128
|
6.5 |
MEDIUM
Network
|
haxx
|
libcurl
|
libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an
ASN.1 Generalized Time field. If given a syntactically incorrect field, the
parser might end up using -1 for the length…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2024-7264
|
2024-10-31 05:35 |
2024-07-31 |
129
|
5.4 |
MEDIUM
Network
|
oretnom23
|
lost_and_found_information_system
|
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-37856
|
2024-10-31 05:35 |
2024-07-30 |
130
|
7.5 |
HIGH
Network
samsung
|
exynos_850_firmware, exynos_1080_firmware, exynos_2100_firmware, exynos_2200_firmware, exynos_1280_firmware, exynos_1380_firmware, exynos_1330_firmware, exynos_w930_firmware
|
A vulnerability was discovered in Samsung Mobile Processors Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, and Exynos W930 where they do not properly check …
Update
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2024-27360
|
2024-10-31 05:35 |
2024-07-10 |