|
317111
|
- |
|
-
|
-
|
XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML el…
|
-
|
CVE-2024-38859
|
2024-08-27 00:15 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317112
|
6.5 |
MEDIUM
Network
|
retool
|
retool
|
Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered (by an authenticated attacker…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2024-42056
|
2024-08-27 00:15 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317113
|
7.8 |
HIGH
Local
|
google
|
chrome
|
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security s…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2024-7980
|
2024-08-27 00:14 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317114
|
7.8 |
HIGH
Local
|
google
|
chrome
|
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security s…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2024-7979
|
2024-08-27 00:13 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317115
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security sev…
|
NVD-CWE-noinfo
|
CVE-2024-7972
|
2024-08-27 00:11 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317116
|
8.8 |
HIGH
Network
|
lopalopa
|
music_management_system
|
A SQL injection vulnerability in "/music/view_user.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of View User Profile Page.
|
CWE-89
SQL Injection
|
CVE-2024-42786
|
2024-08-26 23:58 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317117
|
8.8 |
HIGH
Network
|
lopalopa
|
music_management_system
|
A SQL injection vulnerability in /music/index.php?page=view_playlist in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter.
|
CWE-89
SQL Injection
|
CVE-2024-42785
|
2024-08-26 23:57 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317118
|
9.8 |
CRITICAL
Network
|
lopalopa
|
music_management_system
|
A SQL injection vulnerability in "/music/controller.php?page=view_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter.
|
CWE-89
SQL Injection
|
CVE-2024-42784
|
2024-08-26 23:57 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317119
|
4.1 |
MEDIUM
Network
|
adobe
|
experience_manager
|
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. An low-privileged attacker could leverage…
|
NVD-CWE-noinfo
|
CVE-2024-41849
|
2024-08-26 23:37 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317120
|
5.4 |
MEDIUM
Network
|
adobe
|
experience_manager
|
Adobe Experience Manager versions 6.5.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vul…
|
CWE-79
Cross-site Scripting
|
CVE-2024-41848
|
2024-08-26 23:37 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
