|
313501
|
5.3 |
MEDIUM
Network
|
jetbrains
|
youtrack
|
In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2024-47162
|
2024-09-25 02:57 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313502
|
9.8 |
CRITICAL
Network
|
pharmacy_management_system_project
|
pharmacy_management_system
|
A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The mani…
|
CWE-89
SQL Injection
|
CVE-2024-8146
|
2024-09-25 02:00 |
2024-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313503
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access sensitive data …
|
NVD-CWE-noinfo
|
CVE-2024-44182
|
2024-09-25 01:52 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313504
|
6.1 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability …
|
CWE-601
Open Redirect
|
CVE-2024-4283
|
2024-09-25 01:51 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313505
|
7.5 |
HIGH
Network
|
sigstore
|
sigstore-go
|
sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bun…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2024-45395
|
2024-09-25 01:50 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313506
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to un…
|
NVD-CWE-noinfo
|
CVE-2024-6685
|
2024-09-25 01:48 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313507
|
6.1 |
MEDIUM
Network
|
cern
|
indico
|
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45399
|
2024-09-25 01:48 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313508
|
6.7 |
MEDIUM
Local
|
qnap
|
qvr_smart_client
|
An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized c…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2022-27592
|
2024-09-25 01:44 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313509
|
7.5 |
HIGH
Network
|
draytek
|
vigor3910_firmware
|
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the fid parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-46580
|
2024-09-25 01:42 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313510
|
7.5 |
HIGH
Network
|
draytek
|
vigor3910_firmware
|
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPPPSrvNm parameter at fwuser.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted …
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-46571
|
2024-09-25 01:42 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
