|
313771
|
5.4 |
MEDIUM
Network
|
o-dyn
|
collabtive
|
Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser.
|
CWE-79
Cross-site Scripting
|
CVE-2024-48708
|
2024-10-26 04:10 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313772
|
8.8 |
HIGH
Network
|
pandorafms
|
pandora_fms
|
A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality. This issue affects Pandora FMS: from 700 through <777.3.
|
CWE-89
SQL Injection
|
CVE-2024-9987
|
2024-10-26 04:06 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313773
|
8.8 |
HIGH
Network
|
pandorafms
|
pandora_fms
|
A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through <777.3.
|
CWE-22
Path Traversal
|
CVE-2024-35308
|
2024-10-26 04:06 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313774
|
4.8 |
MEDIUM
Network
|
o-dyn
|
collabtive
|
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within admin.php file.
|
CWE-79
Cross-site Scripting
|
CVE-2024-46240
|
2024-10-26 04:00 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313775
|
7.5 |
HIGH
Network
|
phpgurukul
|
client_management_system
|
Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php.
|
CWE-89
SQL Injection
|
CVE-2024-48570
|
2024-10-26 03:59 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313776
|
5.4 |
MEDIUM
Network
|
o-dyn
|
collabtive
|
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively.
|
CWE-79
Cross-site Scripting
|
CVE-2024-48706
|
2024-10-26 03:58 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313777
|
4.3 |
MEDIUM
Network
|
qodeinteractive
|
qi_addons_for_elementor
|
The Qi Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.0 via private templates. This makes it possible for authenti…
|
NVD-CWE-noinfo
|
CVE-2024-9530
|
2024-10-26 03:52 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313778
|
4.3 |
MEDIUM
Network
|
wpbeginner
|
transients_manager
|
The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the proces…
|
CWE-352
Origin Validation Error
|
CVE-2024-10045
|
2024-10-26 03:52 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313779
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
gpiolib: fix memory leak in gpiochip_setup_dev()
Here is a backtrace report about memory leak detected in
gpiochip_setup_dev():
…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2022-48975
|
2024-10-26 03:48 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313780
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
can: af_can: fix NULL pointer dereference in can_rcv_filter
Analogue to commit 8aa59e355949 ("can: af_can: fix NULL pointer
deref…
|
CWE-476
NULL Pointer Dereference
|
CVE-2022-48977
|
2024-10-26 03:47 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
