|
461
|
- |
|
-
|
-
|
libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read.
Update
|
-
|
CVE-2024-50612
|
2024-10-31 05:35 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
462
|
- |
|
-
|
-
|
AIML Chatbot 1.0 (fixed in 2.0) is vulnerable to Cross Site Scripting (XSS). The vulnerability is exploited through the message input field, where attackers can inject malicious HTML or JavaScript co…
Update
|
-
|
CVE-2024-48396
|
2024-10-31 05:35 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
463
|
7.5 |
HIGH
Network
octavolabs
|
vernemq
|
A memory allocation issue in vernemq v2.0.1 allows attackers to cause a Denial of Service (DoS) via excessive memory consumption.
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-44459
|
2024-10-31 05:35 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
464
|
- |
|
-
|
-
|
A cross-site scripting (XSS) vulnerability in the component /email/welcome.php of Mini Inventory and Sales Management System commit 18aa3d allows attackers to execute arbitrary web scripts or HTML vi…
Update
|
-
|
CVE-2024-42550
|
2024-10-31 05:35 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
465
|
6.8 |
MEDIUM
Physics
|
gncchome
|
gncc_c2_firmware
|
Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port.
New
|
CWE-287
Improper Authentication
|
CVE-2024-31800
|
2024-10-31 05:35 |
2024-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
466
|
5.5 |
MEDIUM
Local
|
isellerpal
|
enterprise_resource_management_system
|
An issue in Huizhi enterprise resource management system v.1.0 and before allows a local attacker to obtain sensitive information via the /nssys/common/filehandle. Aspx component
Update
|
NVD-CWE-noinfo
|
CVE-2024-42677
|
2024-10-31 05:35 |
2024-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
467
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTM…
Update
|
NVD-CWE-noinfo
|
CVE-2024-6999
|
2024-10-31 05:35 |
2024-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
468
|
8.1 |
HIGH
Network
|
mozilla
|
firefox
|
A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions.
*This issue only affects Android versions of Firefox.* Thi…
Update
|
NVD-CWE-Other
|
CVE-2024-7523
|
2024-10-31 05:35 |
2024-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
469
|
6.5 |
MEDIUM
Network
|
haxx
|
libcurl
|
libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an
ASN.1 Generalized Time field. If given an syntactically incorrect field, the
parser might end up using -1 for the length…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2024-7264
|
2024-10-31 05:35 |
2024-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
470
|
5.4 |
MEDIUM
Network
|
oretnom23
|
lost_and_found_information_system
|
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-37856
|
2024-10-31 05:35 |
2024-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
