|
312281
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Web Security (Transaction Viewer) allows Stored XSS. The Forcepoint Web Security…
|
-
|
CVE-2023-6452
|
2024-08-24 01:18 |
2024-08-23 |
|
312282
|
- |
|
-
|
-
|
Hono is a Web application framework that provides support for any JavaScript runtime. Hono CSRF middleware can be bypassed using crafted Content-Type header. MIME types are case insensitive, but isRe…
|
-
|
CVE-2024-43787
|
2024-08-24 01:18 |
2024-08-23 |
|
312283
|
- |
|
-
|
-
|
gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gitoxide-core, which provides most underlying functionality of the gix and ein commands, does not neutralize newlines, backsp…
|
-
|
CVE-2024-43785
|
2024-08-24 01:18 |
2024-08-23 |
|
312284
|
- |
|
-
|
-
|
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untru…
|
-
|
CVE-2024-43398
|
2024-08-24 01:18 |
2024-08-23 |
|
312285
|
3.7 |
LOW
Network
|
mattermost
|
mattermost
|
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-32939
|
2024-08-24 01:17 |
2024-08-22 |
|
312286
|
6.5 |
MEDIUM
Network
|
mattermost
|
mattermost
|
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged …
|
NVD-CWE-noinfo
|
CVE-2024-39836
|
2024-08-24 01:16 |
2024-08-22 |
|
312287
|
4.9 |
MEDIUM
Network
|
mattermost
|
mattermost
|
Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsear…
|
NVD-CWE-noinfo
|
CVE-2024-39810
|
2024-08-24 01:16 |
2024-08-22 |
|
312288
|
9.8 |
CRITICAL
Network
|
lopalopa
|
music_management_system
|
A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter.
|
CWE-89
SQL Injection
|
CVE-2024-42782
|
2024-08-24 01:16 |
2024-08-22 |
|
312289
|
9.8 |
CRITICAL
Network
|
lopalopa
|
music_management_system
|
A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email para…
|
CWE-89
SQL Injection
|
CVE-2024-42781
|
2024-08-24 01:15 |
2024-08-22 |
|
312290
|
6.3 |
MEDIUM
Network
|
youdiancms
|
youdiancms
|
A vulnerability has been found in YouDianCMS 7 and classified as critical. Affected by this vulnerability is the function curl_exec of the file /App/Core/Extend/Function/ydLib.php. The manipulation o…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-7330
|
2024-08-24 01:12 |
2024-08-1 |