|
313301
|
5.5 |
MEDIUM
Local
|
dpgaspar
|
flask_app_builder
|
Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue …
|
NVD-CWE-Other
|
CVE-2024-45314
|
2024-09-13 01:39 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313302
|
5.4 |
MEDIUM
Network
|
wpsocio
|
wp_telegram_widget_and_join_link
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link allows Stored XSS.This issue affects WP Telegram…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43309
|
2024-09-13 01:39 |
2024-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313303
|
- |
|
-
|
-
|
SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios component.
|
-
|
CVE-2024-42760
|
2024-09-13 01:35 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313304
|
5.4 |
MEDIUM
Network
|
gutentor
|
gutentor
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gutentor Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor allows Stored XSS…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43308
|
2024-09-13 01:30 |
2024-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313305
|
5.1 |
MEDIUM
Local
|
arm
|
mbed_tls
|
An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not…
|
NVD-CWE-noinfo
|
CVE-2024-45157
|
2024-09-13 01:29 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313306
|
9.8 |
CRITICAL
Network
|
mi
|
file_manager
|
A path traversal vulnerability exists in the Xiaomi File Manager application product(international version). The vulnerability is caused by unfiltered special characters and can be exploited by attac…
|
CWE-22
Path Traversal
|
CVE-2023-26321
|
2024-09-13 01:29 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313307
|
7.1 |
HIGH
Network
|
dylanjkotze
|
zephyr_project_manager
|
Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.102.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-43916
|
2024-09-13 01:21 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313308
|
5.4 |
MEDIUM
Network
|
xjd2020
|
fastcms
|
A vulnerability, which was classified as problematic, was found in FastCMS up to 0.1.5. Affected is an unknown function of the component New Article Category Page. The manipulation leads to cross sit…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7733
|
2024-09-13 01:20 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313309
|
5.4 |
MEDIUM
Network
|
deathbreak
|
drug
|
A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user para…
|
CWE-79
Cross-site Scripting
|
CVE-2024-44837
|
2024-09-13 01:17 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313310
|
7.5 |
HIGH
Network
|
dataflowx
|
datadiodex
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal.This issue affects DataDiodeX: from v3.0.0 before…
|
CWE-22
Path Traversal
|
CVE-2024-6445
|
2024-09-13 01:14 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
