|
313441
|
7.5 |
HIGH
Network
|
trcore
|
dvc
|
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
|
CWE-22
Path Traversal
|
CVE-2024-11309
|
2024-11-21 00:17 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313442
|
5.5 |
MEDIUM
Local
|
trcore
|
dvc
|
The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content.
|
NVD-CWE-Other
|
CVE-2024-11308
|
2024-11-21 00:17 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313443
|
9.8 |
CRITICAL
Network
|
trcore
|
dvc
|
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, lead…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11315
|
2024-11-21 00:16 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313444
|
9.8 |
CRITICAL
Network
|
trcore
|
dvc
|
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, lead…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11314
|
2024-11-21 00:16 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313445
|
9.8 |
CRITICAL
Network
|
trcore
|
dvc
|
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, lead…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11313
|
2024-11-21 00:16 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313446
|
9.8 |
CRITICAL
Network
|
trcore
|
dvc
|
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, lead…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-11312
|
2024-11-21 00:16 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313447
|
6.1 |
MEDIUM
Network
|
ibphoenix
|
ibwebadmin
|
A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /database.php of the component Banco de Dados Tab. …
|
CWE-79
Cross-site Scripting
|
CVE-2024-11240
|
2024-11-21 00:09 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313448
|
4.3 |
MEDIUM
Network
|
themify
|
builder
|
The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicate_page_ajaxify function in all versions up to, and including, 7.6.1. This …
|
CWE-863
Incorrect Authorization
|
CVE-2024-7836
|
2024-11-21 00:09 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313449
|
9.6 |
CRITICAL
Network
|
github
|
cli
|
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been …
|
CWE-77
Command Injection
|
CVE-2024-52308
|
2024-11-21 00:07 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313450
|
5.4 |
MEDIUM
Network
|
librenms
|
librenms
|
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the API-Access page allows authenticated users to inject arbitrary Jav…
|
CWE-79
Cross-site Scripting
|
CVE-2024-49754
|
2024-11-21 00:02 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
