|
3451
|
- |
|
-
|
-
|
A vulnerability was found in donglight bookstore???????? 1.0. It has been declared as critical. Affected by this vulnerability is the function uploadPicture of the file src/main/java/org/zdd/bookstor…
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-13210
|
2025-01-9 13:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3452
|
- |
|
-
|
-
|
A vulnerability was found in Redaxo CMS 5.18.1. It has been classified as problematic. Affected is an unknown function of the file /index.php?page=structure&category_id=1&article_id=1&clang=1&functio…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2024-13209
|
2025-01-9 13:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3453
|
- |
|
-
|
-
|
A vulnerability classified as critical has been found in REVE Antivirus 1.0.0.0 on Linux. This affects an unknown part of the file /usr/local/reveantivirus/tmp/reveinstall. The manipulation leads to …
|
CWE-266
CWE-276
Incorrect Privilege Assignment
Incorrect Default Permissions
|
CVE-2024-13206
|
2025-01-9 13:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3454
|
- |
|
-
|
-
|
A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /blog-details.php. The manipul…
|
CWE-89
CWE-74
SQL Injection
Injection
|
CVE-2024-13204
|
2025-01-9 12:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3455
|
- |
|
-
|
-
|
A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is pos…
|
CWE-352
CWE-862
Origin Validation Error
Missing Authorization
|
CVE-2024-13203
|
2025-01-9 12:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3456
|
- |
|
-
|
-
|
A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classified as problematic. This issue affects the function modifiyArticle of the file src/main/java/com/my/blog/website/controller/admi…
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2024-13202
|
2025-01-9 12:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3457
|
- |
|
-
|
-
|
A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. This vulnerability affects the function upload of the file src/main/java/com/my/blog/website/controller/ad…
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-13201
|
2025-01-9 12:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3458
|
- |
|
-
|
-
|
A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInter…
|
CWE-284
CWE-266
Improper Access Control
Incorrect Privilege Assignment
|
CVE-2024-13200
|
2025-01-9 12:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3459
|
- |
|
-
|
-
|
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.
|
-
|
CVE-2024-37372
|
2025-01-9 10:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3460
|
- |
|
-
|
-
|
Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the sh…
|
-
|
CVE-2024-27980
|
2025-01-9 10:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
