1021
|
- |
|
-
|
-
|
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have no sanitization in the `/vendor/phpoffice/phpspreadsheet/samples/E…
|
CWE-79
Cross-site Scripting
|
CVE-2024-56408
|
2025-01-4 01:15 |
2025-01-4 |
|
|
1022
|
- |
|
-
|
-
|
An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the delete_e.php component.
|
-
|
CVE-2024-55507
|
2025-01-4 01:15 |
2025-01-4 |
|
|
1023
|
- |
|
-
|
-
|
GoCD is a continuous delivery server. GoCD versions prior to 24.4.0 can allow GoCD "group admins" to abuse ability to edit the raw XML configuration for groups they administer to trigger XML External …
|
CWE-611
XXE
|
CVE-2024-56324
|
2025-01-4 01:15 |
2025-01-4 |
|
|
1024
|
- |
|
-
|
-
|
GoCD is a continuous delivery server. GoCD versions 16.7.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse a hidden/unused configuration repository (pipelines as code) feature to allow XML E…
|
CWE-611
XXE
|
CVE-2024-56322
|
2025-01-4 01:15 |
2025-01-4 |
|
|
1025
|
- |
|
-
|
-
|
GoCD is a continuous delivery server. GoCD versions 18.9.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse the backup configuration "post-backup script" feature to potentially execute arbitr…
|
CWE-20, CWE-36
Improper Input Validation, Absolute Path Traversal
|
CVE-2024-56321
|
2025-01-4 01:15 |
2025-01-4 |
|
|
1026
|
- |
|
-
|
-
|
GoCD is a continuous delivery server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, an…
|
CWE-285
Improper Authorization
|
CVE-2024-56320
|
2025-01-4 01:15 |
2025-01-4 |
|
|
1027
|
4.3 |
MEDIUM
Network
|
-
|
-
|
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-5591
|
2025-01-4 00:15 |
2025-01-4 |
|
|
1028
|
- |
|
-
|
-
|
An arbitrary file upload vulnerability in the component /adminUser/updateImg of WukongCRM-11.0-JAVA v11.3.3 allows attackers to execute arbitrary code via uploading a crafted file.
|
-
|
CVE-2024-55078
|
2025-01-4 00:15 |
2025-01-4 |
|
|
1029
|
- |
|
-
|
-
|
SQL injection vulnerability in Silverpeas 6.4.1 allows a remote attacker to obtain sensitive information via the ViewType parameter of the findbywhereclause function.
|
-
|
CVE-2024-48814
|
2025-01-4 00:15 |
2025-01-4 |
|
|
1030
|
4.2 |
MEDIUM
Physical
|
-
|
-
|
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a physical user to obtain sensitive information due to not masking passwords during entry.
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2024-41780
|
2025-01-4 00:15 |
2025-01-4 |
|
|