| 201 | 6.1 | MEDIUM | Network | edwardstoever | monitor.chat | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Edward Stoever Monitor.Chat allows Reflected XSS. This issue affects Monitor.Chat: from n/a… | New | CWE-79 Cross-site Scripting | CVE-2024-49639 | 2024-11-1 00:58 | 2024-10-29 |
| 202 | 7.2 | HIGH | Network | funadmin | funadmin | funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php. | Update | CWE-89 SQL Injection | CVE-2024-48230 | 2024-11-1 00:57 | 2024-10-26 |
| 203 | 6.1 | MEDIUM | Network | aliazlan | risk_warning_bar | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali Azlan Risk Warning Bar allows Reflected XSS. This issue affects Risk Warning Bar: from … | New | CWE-79 Cross-site Scripting | CVE-2024-49638 | 2024-11-1 00:56 | 2024-10-29 |
| 204 | 7.5 | HIGH | Network | mintplexlabs | anythingllm | mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in s… | New | CWE-312 Cleartext Storage of Sensitive Information | CVE-2024-7783 | 2024-11-1 00:49 | 2024-10-29 |
| 205 | 7.2 | HIGH | Network | funadmin | funadmin | funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin. | Update | CWE-89 SQL Injection | CVE-2024-48229 | 2024-11-1 00:49 | 2024-10-26 |
| 206 | 4.9 | MEDIUM | Network | funadmin | funadmin | Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS). | Update | NVD-CWE-noinfo | CVE-2024-48227 | 2024-11-1 00:48 | 2024-10-26 |
| 207 | 7.2 | HIGH | Network | funadmin | funadmin | Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist. | Update | CWE-89 SQL Injection | CVE-2024-48223 | 2024-11-1 00:44 | 2024-10-26 |
| 208 | 7.2 | HIGH | Network | funadmin | funadmin | Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit. | Update | CWE-89 SQL Injection | CVE-2024-48222 | 2024-11-1 00:44 | 2024-10-26 |
| 209 | 7.2 | HIGH | Network | funadmin | funadmin | Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list. | Update | CWE-89 SQL Injection | CVE-2024-48218 | 2024-11-1 00:44 | 2024-10-26 |
| 210 | 9.1 | CRITICAL | Network | langchain | langchain | A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite ex… | New | CWE-22 Path Traversal | CVE-2024-7774 | 2024-11-1 00:39 | 2024-10-29 |