|
1901
|
6.1 |
MEDIUM
Network
|
cisco
|
firepower_management_center
|
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attac…
|
CWE-79
Cross-site Scripting
|
CVE-2024-20415
|
2024-11-1 04:17 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1902
|
6.1 |
MEDIUM
Network
|
cisco
|
secure_firewall_management_center
|
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attac…
|
CWE-79
Cross-site Scripting
|
CVE-2024-20273
|
2024-11-1 04:09 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1903
|
5.4 |
MEDIUM
Network
|
cisco
|
secure_firewall_management_center
|
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack …
|
CWE-79
Cross-site Scripting
|
CVE-2024-20264
|
2024-11-1 04:04 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1904
|
6.1 |
MEDIUM
Network
|
abdullahirfan
|
whitelist
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Abdullah Irfan Whitelist allows Reflected XSS.This issue affects Whitelist: from n/a throu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-49643
|
2024-11-1 03:48 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1905
|
6.5 |
MEDIUM
Network
|
lunary
|
lunary
|
lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API (/v1/users/send-verification) and Sign up API (/auth/signup). An unauthenticated attacker can inj…
|
CWE-74
Injection
|
CVE-2024-7472
|
2024-11-1 03:46 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1906
|
5.4 |
MEDIUM
Network
|
salonbookingsystem
|
salon_booking_system
|
The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versio…
|
CWE-862
Missing Authorization
|
CVE-2024-4468
|
2024-11-1 03:40 |
2024-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1907
|
6.1 |
MEDIUM
Network
|
awplife
|
formula
|
The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in the 'ti_customizer_notify_dismiss_recommended_plugins' AJAX action in all versions up to, and…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5638
|
2024-11-1 03:38 |
2024-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1908
|
9.8 |
CRITICAL
Network
langchain
|
langchain
|
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability p…
|
CWE-89
SQL Injection
|
CVE-2024-7042
|
2024-11-1 03:36 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1909
|
- |
|
-
|
-
|
An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For examp…
|
-
|
CVE-2024-33869
|
2024-11-1 03:35 |
2024-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1910
|
- |
|
-
|
-
|
MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting which affects users with valid sessions whom can view compiled forms results.
|
-
|
CVE-2024-37763
|
2024-11-1 03:35 |
2024-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
