|
1871
|
6.1 |
MEDIUM
Network
|
-
|
-
|
IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona…
|
CWE-79
Cross-site Scripting
|
CVE-2024-41745
|
2024-11-2 02:15 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1872
|
6.5 |
MEDIUM
Network
|
-
|
-
|
IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
|
-
|
CVE-2024-41744
|
2024-11-2 02:15 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1873
|
5.3 |
MEDIUM
Network
-
|
-
|
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system.
|
CWE-208
Information Exposure Through Timing Discrepancy
|
CVE-2024-41741
|
2024-11-2 02:15 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1874
|
- |
|
-
|
-
|
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the …
|
CWE-598
Information Exposure Through Query Strings in GET Request
|
CVE-2024-41738
|
2024-11-2 02:15 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1875
|
8.8 |
HIGH
Network
|
microchip
|
timeprovider_4100_firmware
|
Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects TimeProvider 4100: from 1.0.
|
CWE-352
Origin Validation Error
|
CVE-2024-43684
|
2024-11-2 02:15 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1876
|
5.4 |
MEDIUM
Network
|
digitus
|
inmailx
|
InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX Connection names are not sanitzed in the Outlook tab, which allows a local user or network administrator to exe…
|
CWE-79
Cross-site Scripting
|
CVE-2022-27105
|
2024-11-2 02:15 |
2022-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1877
|
8.8 |
HIGH
Network
|
infiniflow
|
ragflow
|
The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability. The function uses user-supplied input `req['llm_factory']` and `req['…
|
CWE-77
Command Injection
|
CVE-2024-10131
|
2024-11-2 02:12 |
2024-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1878
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
r8169: add tally counter fields added with RTL8125
RTL8125 added fields to the tally counter, what may result in the chip
dma'ing…
|
NVD-CWE-noinfo
|
CVE-2024-49973
|
2024-11-2 02:11 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1879
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Limit the number of concurrent async COPY operations
Nothing appears to limit the number of concurrent async COPY
operation…
|
NVD-CWE-noinfo
|
CVE-2024-49974
|
2024-11-2 01:52 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1880
|
6.1 |
MEDIUM
Network
|
mattroyal
|
woocommerce_maintenance_mode
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Matt Royal WooCommerce Maintenance Mode allows Reflected XSS.This issue affects WooCommerc…
|
CWE-79
Cross-site Scripting
|
CVE-2024-49651
|
2024-11-2 01:39 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
