561 | - | | - | - | An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0 allows attackers to execute arbitrary code via uploading a crafted file. | New | - | CVE-2024-51053 | 2024-11-20 00:35 | 2024-11-19
562 | - | | - | - | Cross-Site Scripting (XSS) in the "Rules" functionality in WorldServer 11.8.2 allows a remote authenticated attacker to execute arbitrary code. | New | - | CVE-2024-50849 | 2024-11-20 00:35 | 2024-11-19
563 | - | | - | - | An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 allows attackers to access sensitive information and execute arbitrary commands via… | New | - | CVE-2024-50848 | 2024-11-20 00:35 | 2024-11-19
564 | - | | - | - | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError… | New | CWE-772 Missing Release of Resource after Effective Lifetime | CVE-2024-52303 | 2024-11-20 00:35 | 2024-11-19
565 | - | | - | - | MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Contro… | New | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-51743 | 2024-11-20 00:35 | 2024-11-19
566 | - | | - | - | A vulnerability was found in Moodle. Additional checks are required to ensure users can only edit or delete RSS feeds that they have permission to modify. | New | CWE-285 Improper Authorization | CVE-2024-48897 | 2024-11-20 00:35 | 2024-11-18
567 | - | | - | - | Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended … | New | CWE-94 Code Injection; CWE-918 Server-Side Request Forgery (SSRF) | CVE-2024-47208 | 2024-11-20 00:35 | 2024-11-18
568 | 4.3 | MEDIUM, Network | dolibarr | dolibarr_erp/crm | An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception d… | Update | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2021-3991 | 2024-11-20 00:31 | 2024-11-15
569 | 4.8 | MEDIUM, Network | phpipam | phpipam | A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. This vulnerability affects the … | Update | CWE-79 Cross-site Scripting | CVE-2022-1226 | 2024-11-20 00:30 | 2024-11-15
570 | 7.7 | HIGH, Network | linuxfoundation | harbor | Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authentic… | Update | CWE-863 Incorrect Authorization | CVE-2022-31668 | 2024-11-20 00:25 | 2024-11-14