1061
|
9.1 |
CRITICAL
Network
lunary
|
lunary
|
An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of au…
Update
|
NVD-CWE-Other
|
CVE-2024-7475
|
2024-11-4 22:55 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1062
|
8.1 |
HIGH
Network
|
lunary
|
lunary
|
In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. A user can view or delete external users by manipulating the 'id' parameter in the request URL. …
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-7474
|
2024-11-4 22:49 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1063
|
6.1 |
MEDIUM
Network
|
phpgurukul
|
online_dj_booking_management_system
|
A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/booking-search.php in PHPGurukul Online DJ Booking Management System 1.0, which allows remote attackers to execute arbitr…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-51076
|
2024-11-4 22:41 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1064
|
6.1 |
MEDIUM
Network
|
phpgurukul
|
online_dj_booking_management_system
|
A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/user-search.php in PHPGurukul Online DJ Booking Management System v1.0, which allows remote attackers to execute arbitrar…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-51075
|
2024-11-4 22:41 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1065
|
6.1 |
MEDIUM
Network
|
phpgurukul
|
ifsc_code_finder
|
A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/admin/profile.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code vi…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-51181
|
2024-11-4 22:39 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1066
|
6.1 |
MEDIUM
Network
|
phpgurukul
|
ifsc_code_finder
|
A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/index.php in PHPGurukul IFSC Code Finder Project v1.0, which allows remote attackers to execute arbitrary code via the "s…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-51180
|
2024-11-4 22:37 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1067
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox_focus
|
Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects F…
Update
|
NVD-CWE-noinfo
|
CVE-2024-10474
|
2024-11-4 22:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1068
|
6.5 |
MEDIUM
Network
|
mozilla
|
thunderbird firefox
|
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Update
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2024-10462
|
2024-11-4 22:32 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1069
|
6.5 |
MEDIUM
Network
|
mozilla
|
thunderbird firefox
|
Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Update
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2024-10463
|
2024-11-4 22:31 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1070
|
6.5 |
MEDIUM
Network
|
mozilla
|
thunderbird firefox
|
A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Update
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2024-10465
|
2024-11-4 22:30 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|