|
311281
|
- |
|
-
|
-
|
Statmatic is a Laravel and Git powered content management system (CMS). Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location dif…
|
CWE-22
Path Traversal
|
CVE-2024-52600
|
2024-11-20 02:15 |
2024-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311282
|
4.3 |
MEDIUM
Network
|
janeczku
|
calibre-web
|
A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of …
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2021-3986
|
2024-11-20 02:12 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311283
|
9.8 |
CRITICAL
Network
|
dompdf_project
|
dompdf
|
An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versio…
|
CWE-611
XXE
|
CVE-2021-3902
|
2024-11-20 02:12 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311284
|
5.4 |
MEDIUM
Network
|
sylius
|
sylius
|
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that…
|
CWE-79
Cross-site Scripting
|
CVE-2021-3841
|
2024-11-20 02:11 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311285
|
9.8 |
CRITICAL
Network
|
dompdf_project
|
dompdf
|
DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files o…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-3838
|
2024-11-20 02:11 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311286
|
8.8 |
HIGH
Network
|
chatwoot
|
chatwoot
|
A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-3742
|
2024-11-20 02:10 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311287
|
8.8 |
HIGH
Network
|
vanquish
|
user_extra_fields
|
The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 1…
|
CWE-862
Missing Authorization
|
CVE-2024-10800
|
2024-11-20 02:08 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311288
|
5.4 |
MEDIUM
Network
|
chatwoot
|
chatwoot
|
A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malic…
|
CWE-79
Cross-site Scripting
|
CVE-2021-3741
|
2024-11-20 02:07 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311289
|
5.7 |
MEDIUM
Network
|
wpdeveloper
|
essential_addons_for_elementor
|
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, …
|
NVD-CWE-noinfo
|
CVE-2024-8979
|
2024-11-20 02:05 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311290
|
5.7 |
MEDIUM
Network
|
wpdeveloper
|
essential_addons_for_elementor
|
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, …
|
NVD-CWE-noinfo
|
CVE-2024-8978
|
2024-11-20 02:04 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
