|
551
|
6.1 |
MEDIUM
Network
|
janeczku
|
calibre-web
|
A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. The vulnerability occurs when editing book properties, such as uploading a cover o…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2021-3988
|
2024-11-20 00:43 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
552
|
4.3 |
MEDIUM
Network
|
viwis
|
learning_management_system
|
A vulnerability was found in VIWIS LMS 9.11. It has been classified as critical. Affected is an unknown function of the component Print Handler. The manipulation leads to missing authorization. It is…
Update
|
CWE-862
CWE-863
Missing Authorization
Incorrect Authorization
|
CVE-2024-8001
|
2024-11-20 00:41 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
553
|
7.4 |
HIGH
Network
|
linuxfoundation
|
harbor
|
Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution …
Update
|
CWE-863
Incorrect Authorization
|
CVE-2022-31671
|
2024-11-20 00:40 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
554
|
7.2 |
HIGH
Network
|
mayurik
|
best_employee_management_system
|
A vulnerability has been found in SourceCodester Best Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulati…
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11214
|
2024-11-20 00:38 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
555
|
9.8 |
CRITICAL
Network
icdsoft
|
multimanager_wp
|
The MultiManager WP – Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the user impersona…
Update
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-11028
|
2024-11-20 00:38 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
556
|
- |
|
-
|
-
|
Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients.
Apache Kafka Clients accept configuration data for customizing behavior, and…
New
|
CWE-552
CWE-269
Files or Directories Accessible to External Parties
Improper Privilege Management
|
CVE-2024-31141
|
2024-11-20 00:35 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
557
|
- |
|
-
|
-
|
In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which e…
New
|
-
|
CVE-2024-10103
|
2024-11-20 00:35 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
558
|
- |
|
-
|
-
|
Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component.
New
|
-
|
CVE-2024-33231
|
2024-11-20 00:35 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
559
|
- |
|
-
|
-
|
StepSecurity's Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. Versions of step-security/harden-runner prior to v2.10.2 contain multipl…
New
|
CWE-78
OS Command
|
CVE-2024-52587
|
2024-11-20 00:35 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
560
|
- |
|
-
|
-
|
AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account.
New
|
-
|
CVE-2024-51051
|
2024-11-20 00:35 |
2024-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
