|
313341
|
5.3 |
MEDIUM
Network
|
mozilla
|
firefox
thunderbird
firefox_esr
|
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vuln…
|
NVD-CWE-noinfo
|
CVE-2024-9398
|
2024-10-31 03:35 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313342
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
firefox_esr
|
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This ac…
|
NVD-CWE-Other
|
CVE-2024-9394
|
2024-10-31 03:35 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313343
|
- |
|
-
|
-
|
Insufficient access controls in ASP kernel may allow a
privileged attacker with access to AMD signing keys and the BIOS menu or UEFI
shell to map DRAM regions in protected areas, potentially leading …
|
-
|
CVE-2021-26387
|
2024-10-31 03:35 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313344
|
6.1 |
MEDIUM
Network
|
projectworlds
|
simple_web-based_chat_application
|
A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manip…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10433
|
2024-10-31 03:31 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313345
|
8.8 |
HIGH
Network
|
agnai
|
agnai
|
Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen …
|
CWE-434
CWE-35
Unrestricted Upload of File with Dangerous Type
Path Traversal: '.../...//'
|
CVE-2024-47169
|
2024-10-31 03:25 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313346
|
6.1 |
MEDIUM
Network
|
cvat
|
computer_vision_annotation_tool
|
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task, or edit an existing ta…
|
CWE-79
Cross-site Scripting
|
CVE-2024-47063
|
2024-10-31 03:24 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313347
|
9.8 |
CRITICAL
Network
|
filemanagerpro
|
file_manager
|
The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible …
|
CWE-862
Missing Authorization
|
CVE-2018-25105
|
2024-10-31 03:23 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313348
|
6.1 |
MEDIUM
Network
|
cvat
|
computer_vision_annotation_tool
|
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed UR…
|
CWE-79
CWE-81
Cross-site Scripting
Improper Neutralization of Script in an Error Message Web Page
|
CVE-2024-47064
|
2024-10-31 03:23 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313349
|
9.8 |
CRITICAL
Network
|
codezips
|
pet_shop_management_system
|
A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /deleteanimal.php. The manipulation of the …
|
CWE-89
SQL Injection
|
CVE-2024-10427
|
2024-10-31 03:21 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313350
|
7.5 |
HIGH
Network
|
vasyltech
|
advanced_access_manager
|
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media paramet…
|
CWE-22
Path Traversal
|
CVE-2019-25213
|
2024-10-31 03:20 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
