331
|
7.2 |
HIGH
Network
|
oretnom23
|
online_exam_system
|
A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. Affected is an unknown function of the file /admin-dashboard. The manipulation leads to improper access…
Update
|
NVD-CWE-noinfo
|
CVE-2024-10353
|
2024-10-31 01:21 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
332
|
7.8 |
HIGH
Local
|
-
|
-
|
An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation …
Update
|
NVD-CWE-noinfo
|
CVE-2022-38176
|
2024-10-31 01:17 |
2022-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
333
|
- |
|
-
|
-
|
I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser, only if they have a white-listed MIME type. Unfortunately, this logic is bro…
New
|
CWE-80
Basic XSS
|
CVE-2024-50344
|
2024-10-31 01:15 |
2024-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
334
|
- |
|
-
|
-
|
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands int…
Update
|
-
|
CVE-2024-9287
|
2024-10-31 01:15 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
335
|
6.1 |
MEDIUM
Network
|
archerirm
|
archer
|
Reflected XSS was discovered in an iView List Archer Platform UX page in Archer Platform 6.x before version 2024.09. A remote unauthenticated attacker could potentially exploit this by tricking a vic…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-49210
|
2024-10-31 01:13 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
336
|
6.1 |
MEDIUM
Network
|
archerirm
|
archer
|
Reflected XSS was discovered in a Dashboard Listing Archer Platform UX page in Archer Platform 6.x before version 2024.08. A remote unauthenticated attacker could potentially exploit this by tricking…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-49211
|
2024-10-31 01:08 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
337
|
5.4 |
MEDIUM
Network
|
wordpress
|
wordpress
|
WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consist…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-4973
|
2024-10-31 00:58 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
338
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ublk: don't allow user copy for unprivileged device
UBLK_F_USER_COPY requires userspace to call write() on ublk char
device for f…
New
|
NVD-CWE-noinfo
|
CVE-2024-50080
|
2024-10-31 00:54 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
339
|
9.1 |
CRITICAL
Network
siemens
|
intermesh_7177_hybrid_2.0_subscriber intermesh_7707_fire_subscriber_firmware
|
A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which…
Update
|
NVD-CWE-noinfo
|
CVE-2024-47903
|
2024-10-31 00:54 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
340
|
5.4 |
MEDIUM
Network
|
ysoft
|
safeq
|
Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-23861
|
2024-10-31 00:49 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|