| 312021 | 6.5 | MEDIUM Network | beikeshop | beikeshop | A vulnerability, which was classified as problematic, was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function exportZip of the file /admin/file_manager/expo… | CWE-22 Path Traversal | CVE-2024-8165 | 2024-09-7 07:20 | 2024-08-26 |
| 312022 | 8.8 | HIGH Network | beikeshop | beikeshop | A vulnerability, which was classified as critical, has been found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function rename of the file /Admin/Http/… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-8164 | 2024-09-7 07:19 | 2024-08-26 |
| 312023 | 8.1 | HIGH Network | beikeshop | beikeshop | A vulnerability classified as critical was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this vulnerability is the function destroyFiles of the file /admin/file_man… | CWE-22 Path Traversal | CVE-2024-8163 | 2024-09-7 07:18 | 2024-08-26 |
| 312024 | - | | - | - | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that the issue does not pose a secu… | - | CVE-2024-8439 | 2024-09-7 07:15 | 2024-09-7 |
| 312025 | 8.1 | HIGH Network | ivanti | neurons_for_itsm | Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as… | CWE-295 Improper Certificate Validation | CVE-2024-7570 | 2024-09-7 06:59 | 2024-08-14 |
| 312026 | 9.8 | CRITICAL Network | ivanti | neurons_for_itsm | An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug informati… | NVD-CWE-Other | CVE-2024-7569 | 2024-09-7 06:57 | 2024-08-14 |
| 312027 | 9.3 | CRITICAL Network | roundcube | webmail | A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desani… | CWE-79 Cross-site Scripting | CVE-2024-42009 | 2024-09-7 06:50 | 2024-08-6 |
| 312028 | 9.3 | CRITICAL Network | roundcube | webmail | A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious … | CWE-79 Cross-site Scripting | CVE-2024-42008 | 2024-09-7 06:48 | 2024-08-6 |
| 312029 | 4.3 | MEDIUM Network | xwiki | xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When a user has view but not edit right on a page in XWiki, that user can delete the page and … | CWE-862 Missing Authorization | CVE-2024-37898 | 2024-09-7 06:16 | 2024-08-1 |
| 312030 | 4.6 | MEDIUM Network | xwiki | xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When uploading an attachment with a malicious filename, malicious JavaScript code could be exe… | CWE-94 Code Injection | CVE-2024-37900 | 2024-09-7 06:06 | 2024-08-1 |