841
|
- |
|
-
|
-
|
The wp-enable-svg WordPress plugin through 0.7 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts
|
-
|
CVE-2024-11184
|
2025-01-7 06:15 |
2025-01-2 |
|
|
842
|
- |
|
-
|
-
|
Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx.
|
-
|
CVE-2024-56829
|
2025-01-7 06:15 |
2025-01-2 |
|
|
843
|
- |
|
-
|
-
|
Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Prior to 0.8.1, Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source. This can leave serv…
|
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
|
CVE-2025-21617
|
2025-01-7 05:15 |
2025-01-7 |
|
|
844
|
- |
|
-
|
-
|
Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template.
|
-
|
CVE-2024-55529
|
2025-01-7 05:15 |
2025-01-7 |
|
|
845
|
- |
|
-
|
-
|
A reflected Cross-Site Scripting (XSS) vulnerability exists in the login page of IceHRM v32.4.0.OS. The vulnerability is due to improper sanitization of the "next" parameter, which is included in the…
|
-
|
CVE-2024-46073
|
2025-01-7 05:15 |
2025-01-7 |
|
|
846
|
- |
|
-
|
-
|
File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then p…
|
-
|
CVE-2024-56828
|
2025-01-7 03:15 |
2025-01-7 |
|
|
847
|
- |
|
-
|
-
|
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, TCP streams with TCP urgent data (out of band data) can lead to S…
|
CWE-437
|
CVE-2024-55629
|
2025-01-7 03:15 |
2025-01-7 |
|
|
848
|
- |
|
-
|
-
|
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messa…
|
CWE-405 CWE-779
Asymmetric Resource Consumption (Amplification)
|
CVE-2024-55628
|
2025-01-7 03:15 |
2025-01-7 |
|
|
849
|
- |
|
-
|
-
|
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer ov…
|
CWE-191 CWE-122
Integer Underflow (Wrap or Wraparound) Heap-based Buffer Overflow
|
CVE-2024-55627
|
2025-01-7 03:15 |
2025-01-7 |
|
|
850
|
- |
|
-
|
-
|
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead …
|
CWE-680
Integer Overflow to Buffer Overflow
|
CVE-2024-55626
|
2025-01-7 03:15 |
2025-01-7 |
|
|