| 312661 | 6.1 | MEDIUM Network | waspthemes | yellowpencil | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WaspThemes YellowPencil Visual CSS Style Editor allows Reflected XSS. This issue affects Ye… | CWE-79 Cross-site Scripting | CVE-2024-43963 | 2024-08-31 01:10 | 2024-08-30 |
| 312662 | 7.5 | HIGH Network | ollama | ollama | extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory. | CWE-22 Path Traversal | CVE-2024-45436 | 2024-08-31 01:08 | 2024-08-29 |
| 312663 | 7.2 | HIGH Network | lopalopa | responsive_school_management_system | A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the… | CWE-89 SQL Injection | CVE-2024-41236 | 2024-08-31 01:02 | 2024-08-29 |
| 312664 | 5.5 | MEDIUM Local | irfanview | irfanview | An issue in the component EXR!ReadEXR+0x4eef0 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS). | NVD-CWE-Other | CVE-2024-44915 | 2024-08-31 01:01 | 2024-08-29 |
| 312665 | 5.5 | MEDIUM Local | irfanview | irfanview | An issue in the component EXR!ReadEXR+0x3df50 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS). | NVD-CWE-Other | CVE-2024-44914 | 2024-08-31 01:01 | 2024-08-29 |
| 312666 | 5.5 | MEDIUM Local | irfanview | irfanview | An issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service (DoS). | NVD-CWE-Other | CVE-2024-44913 | 2024-08-31 01:01 | 2024-08-29 |
| 312667 | 9.8 | CRITICAL Network | totolink | a3002r_firmware | TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restricti… | CWE-787 Out-of-bounds Write | CVE-2024-34195 | 2024-08-31 00:59 | 2024-08-29 |
| 312668 | 6.1 | MEDIUM Network | jupyter | jupyterlab notebook | jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious n… | CWE-79 Cross-site Scripting | CVE-2024-43805 | 2024-08-31 00:56 | 2024-08-29 |
| 312669 | 8.0 | HIGH Network | lopalopa | music_management_system | A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page. | CWE-352 Origin Validation Error | CVE-2024-42793 | 2024-08-31 00:56 | 2024-08-29 |
| 312670 | 8.8 | HIGH Network | google | chrome | Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page… | CWE-787 Out-of-bounds Write | CVE-2024-8193 | 2024-08-31 00:52 | 2024-08-29 |