1921
|
- |
|
-
|
-
|
A vulnerability was found in donglight bookstore 1.0.0. It has been declared as problematic. This vulnerability affects the function BookSearchList of the file src/main/java/org/zdd/bookstore…
|
CWE-79 Cross-site Scripting
CWE-94 Code Injection
|
CVE-2024-13196
|
2025-01-9 09:15 |
2025-01-9 |
|
|
1922
|
- |
|
-
|
-
|
A vulnerability was found in donglight bookstore 1.0.0. It has been classified as critical. This affects the function getHtml of the file src/main/java/org/zdd/bookstore/rawl/HttpUtil.java. T…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-13195
|
2025-01-9 09:15 |
2025-01-9 |
|
|
1923
|
- |
|
-
|
-
|
A vulnerability was found in Sucms 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/admin_members.php?ac=search. The manipulation of the argumen…
|
CWE-89 SQL Injection
CWE-74 Injection
|
CVE-2024-13194
|
2025-01-9 09:15 |
2025-01-9 |
|
|
1924
|
- |
|
-
|
-
|
Rejected reason: loading template...
|
-
|
CVE-2024-5610
|
2025-01-9 08:15 |
2025-01-9 |
|
|
1925
|
- |
|
-
|
-
|
Carbon is an international PHP extension for DateTime. Applications passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload…
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2025-22145
|
2025-01-9 06:15 |
2025-01-9 |
|
|
1926
|
- |
|
-
|
-
|
A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against …
|
-
|
CVE-2024-54010
|
2025-01-9 06:15 |
2025-01-9 |
|
|
1927
|
- |
|
-
|
-
|
SickChill is an automatic video library manager for TV shows. A user-controlled `login` endpoint's `next_` parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82,…
|
CWE-601
Open Redirect
|
CVE-2024-53995
|
2025-01-9 06:15 |
2025-01-9 |
|
|
1928
|
- |
|
-
|
-
|
Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux S…
|
-
|
CVE-2024-52869
|
2025-01-9 06:15 |
2025-01-9 |
|
|
1929
|
- |
|
-
|
-
|
A vulnerability classified as critical was found in ZeroWdd myblog 1.0. This vulnerability affects unknown code of the file src/main/resources/mapper/BlogMapper.xml. The manipulation of the argument …
|
CWE-74 Injection
CWE-91 Blind XPath Injection
|
CVE-2024-13190
|
2025-01-9 06:15 |
2025-01-9 |
|
|
1930
|
- |
|
-
|
-
|
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of…
|
CWE-862
Missing Authorization
|
CVE-2024-12431
|
2025-01-9 06:15 |
2025-01-9 |
|
|