2301
|
6.1 |
MEDIUM
Network
|
elabftw
|
elabftw
|
eLabFTW is an open source electronic lab notebook for research labs. A vulnerability in versions prior to 5.1.5 allows an attacker to inject arbitrary HTML tags in the pages: "experiments.php" (show …
|
CWE-79 CWE-94
Cross-site Scripting Code Injection
|
CVE-2024-47826
|
2024-11-9 00:41 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2302
|
7.5 |
HIGH
Network
vercel
|
next.js
|
Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a …
|
CWE-674
Uncontrolled Recursion
|
CVE-2024-47831
|
2024-11-9 00:39 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2303
|
6.1 |
MEDIUM
Network
|
forgerock
|
access_management
|
An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under…
|
CWE-601
Open Redirect
|
CVE-2024-25566
|
2024-11-9 00:38 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2304
|
- |
|
-
|
-
|
The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to p…
|
-
|
CVE-2024-7982
|
2024-11-9 00:35 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2305
|
5.5 |
MEDIUM
Local
|
gpac
|
gpac
|
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so.
|
NVD-CWE-noinfo
|
CVE-2023-37766
|
2024-11-9 00:35 |
2023-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2306
|
5.5 |
MEDIUM
Local
|
gpac
|
gpac
|
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_dump_vrml_sffield function at /lib/libgpac.so.
|
NVD-CWE-noinfo
|
CVE-2023-37765
|
2024-11-9 00:35 |
2023-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2307
|
6.5 |
MEDIUM
Network
|
microsoft
|
azure_functions
|
Improper Access Control in Imagine Cup allows an authorized attacker to elevate privileges over a network.
|
NVD-CWE-noinfo
|
CVE-2024-38204
|
2024-11-9 00:34 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2308
|
8.6 |
HIGH
Network
microsoft
|
power_platform
|
Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector.
|
CWE-862
Missing Authorization
|
CVE-2024-38190
|
2024-11-9 00:34 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2309
|
7.8 |
HIGH
Local
|
nvidia
|
nemo
|
NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to c…
|
CWE-22
Path Traversal
|
CVE-2024-0129
|
2024-11-9 00:33 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2310
|
6.1 |
MEDIUM
Network
|
castos
|
seriously_simple_podcasting
|
The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9667
|
2024-11-9 00:27 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|