|
319511
|
5.4 |
MEDIUM
Network
|
aimstack
|
aim
|
A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. Th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8863
|
2024-09-21 00:43 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319512
|
6.1 |
MEDIUM
Network
|
autocms_project
|
autocms
|
A vulnerability was found in AutoCMS 5.4. It has been classified as problematic. This affects an unknown part of the file /admin/robot.php. The manipulation of the argument sidebar leads to cross sit…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8866
|
2024-09-21 00:36 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319513
|
6.1 |
MEDIUM
Network
|
onlyoffice
|
document_server
|
ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Fun…
|
CWE-79
Cross-site Scripting
|
CVE-2023-50883
|
2024-09-21 00:18 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319514
|
7.5 |
HIGH
Network
|
litellm
|
litellm
|
A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the `api_base` parameter when making requests to `POST /chat/c…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-6587
|
2024-09-20 23:55 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319515
|
9.8 |
CRITICAL
Network
|
thinkphp
|
thinkphp
|
A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-44902
|
2024-09-20 23:55 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319516
|
9.1 |
CRITICAL
Network
|
baxter
|
connex_health_portal
|
In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex po…
|
NVD-CWE-noinfo
|
CVE-2024-6796
|
2024-09-20 23:53 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319517
|
9.8 |
CRITICAL
Network
|
baxter
|
connex_health_portal
|
In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database.…
|
CWE-89
SQL Injection
|
CVE-2024-6795
|
2024-09-20 23:53 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319518
|
9.8 |
CRITICAL
Network
|
sfs
|
winsure
|
Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection.This issue affects ww.Winsure: before 4.6.2.
|
CWE-94
Code Injection
|
CVE-2024-7104
|
2024-09-20 23:44 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319519
|
- |
|
-
|
-
|
runofast Indoor Security Camera for Baby Monitor has a default password of password for the root account. This allows access to the /stream1 URI via the rtsp:// protocol to receive the video and audi…
|
-
|
CVE-2024-46959
|
2024-09-20 23:35 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319520
|
- |
|
-
|
-
|
An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x before 12.4.3.35110, 12.5.x before 12.5.2.35950, 12.6.x before 12.6.2.37183, and 12.7.x before 12.7.1.38…
|
-
|
CVE-2024-45523
|
2024-09-20 23:35 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
