| 1571 | - | | - | - | happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execut… | CWE-79, CWE-94: Cross-site Scripting, Code Injection | CVE-2024-51757 | 2024-11-9 04:01 | 2024-11-7 |
| 1572 | - | | - | - | Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property polic… | CWE-668: Exposure of Resource to Wrong Sphere | CVE-2024-51755 | 2024-11-9 04:01 | 2024-11-7 |
| 1573 | - | | - | - | Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of … | CWE-668: Exposure of Resource to Wrong Sphere | CVE-2024-51754 | 2024-11-9 04:01 | 2024-11-7 |
| 1574 | - | | - | - | Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file conte… | - | CVE-2024-51751 | 2024-11-9 04:01 | 2024-11-7 |
| 1575 | 8.8 | HIGH, Network | level1 | wbr-6012_firmware | A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to unauthorized access. An at… | CWE-352: Origin Validation Error | CVE-2024-24777 | 2024-11-9 04:00 | 2024-10-30 |
| 1576 | - | | - | - | dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addAdmin. | - | CVE-2024-50966 | 2024-11-9 03:35 | 2024-11-9 |
| 1577 | - | | - | - | Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive variables wer… | CWE-201: Insertion of Sensitive Information Into Sent Data | CVE-2024-50378 | 2024-11-9 03:35 | 2024-11-9 |
| 1578 | 8.1 | HIGH, Network | level1 | wbr-6012_firmware | The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due to reliance on client IP addresses for authentication. Attackers could spoof a… | CWE-291: Reliance on IP Address for Authentication | CVE-2024-23309 | 2024-11-9 03:27 | 2024-10-30 |
| 1579 | - | | - | - | A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a com… | - | CVE-2024-35314 | 2024-11-9 03:15 | 2024-10-22 |
| 1580 | 6.5 | MEDIUM, Adjacent | - | - | A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of the Juniper Networks Junos OS on the MX Series platforms with Trio-based FPCs allows an una… | CWE-401: Missing Release of Memory after Effective Lifetime | CVE-2024-47493 | 2024-11-9 03:15 | 2024-10-12 |