1781
|
7.1 |
HIGH
Network
|
lollms
|
lollms_web_ui
|
A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from othe…
|
CWE-346
Origin Validation Error
|
CVE-2024-6674
|
2024-11-2 05:34 |
2024-10-29 |
|
1782
|
5.4 |
MEDIUM
Network
|
chartscss
|
coub
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rami Yushuvaev Coub allows Stored XSS. This issue affects Coub: from n/a through 1.4.
|
CWE-79
Cross-site Scripting
|
CVE-2024-49659
|
2024-11-2 05:25 |
2024-10-29 |
|
1783
|
6.1 |
MEDIUM
Network
|
abdullahirfan
|
documentpress
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Abdullah Irfan DocumentPress allows Reflected XSS. This issue affects DocumentPress: from n…
|
CWE-79
Cross-site Scripting
|
CVE-2024-49656
|
2024-11-2 05:24 |
2024-10-29 |
|
1784
|
6.1 |
MEDIUM
Network
|
marianheddesheimer
|
extra_privacy_for_elementor
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Marian Heddesheimer Extra Privacy for Elementor allows Reflected XSS. This issue affects Ex…
|
CWE-79
Cross-site Scripting
|
CVE-2024-49654
|
2024-11-2 05:24 |
2024-10-29 |
|
1785
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Deallocate DML memory if allocation fails
[Why]
When DC state create DML memory allocation fails, memory is not
…
|
NVD-CWE-noinfo
|
CVE-2024-49972
|
2024-11-2 05:18 |
2024-10-22 |
|
1786
|
5.4 |
MEDIUM
Network
|
cisco
|
secure_firewall_management_center
|
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack …
|
CWE-79
Cross-site Scripting
|
CVE-2024-20300
|
2024-11-2 05:14 |
2024-10-24 |
|
1787
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Increase array size of dummy_boolean
[WHY]
dml2_core_shared_mode_support and dml_core_mode_support access the th…
|
NVD-CWE-noinfo
|
CVE-2024-49971
|
2024-11-2 04:59 |
2024-10-22 |
|
1788
|
6.7 |
MEDIUM
Local
|
cisco
|
adaptive_security_appliance_software firepower_threat_defense_software
|
A vulnerability in the VPN web server of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arb…
|
CWE-94
Code Injection
|
CVE-2024-20485
|
2024-11-2 04:50 |
2024-10-24 |
|
1789
|
6.5 |
MEDIUM
Network
|
cisco
|
secure_firewall_management_center
|
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote at…
|
CWE-863
Incorrect Authorization
|
CVE-2024-20482
|
2024-11-2 04:49 |
2024-10-24 |
|
1790
|
9.0 |
CRITICAL
Network
|
lollms
|
lord_of_large_language_models
|
A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files. Due to incomplete filtering in the sanitize_svg function, this …
|
CWE-79
Cross-site Scripting
|
CVE-2024-6581
|
2024-11-2 04:38 |
2024-10-29 |
|