1
|
- |
-
|
-
|
-
|
A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-5145
|
2024-05-21 08:15 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
2
|
- |
-
|
-
|
-
|
An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulner…
New
|
-
|
CVE-2024-4985
|
2024-05-21 07:15 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
3
|
- |
-
|
-
|
-
|
Wiki.js is a wiki app built on Node.js. Client-side template injection was discovered that could allow an attacker to inject malicious JavaScript into the content section of pages that would execut…
New
|
-
|
CVE-2024-34710
|
2024-05-21 07:15 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
4
|
- |
-
|
-
|
-
|
Requests is an HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests …
New
|
-
|
CVE-2024-35195
|
2024-05-21 06:15 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
5
|
- |
-
|
-
|
-
|
Minder is a software supply chain security platform. Prior to version 0.0.50, Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created…
New
|
-
|
CVE-2024-35194
|
2024-05-21 06:15 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
6
|
- |
-
|
-
|
-
|
Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials f…
New
|
-
|
CVE-2024-35192
|
2024-05-21 06:15 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
7
|
- |
-
|
-
|
-
|
Formie is a Craft CMS plugin for creating forms. Prior to 2.1.6, users with access to a form's settings can include malicious Twig code into fields that support Twig. These might be the Submission Ti…
New
|
-
|
CVE-2024-35191
|
2024-05-21 06:15 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
8
|
- |
-
|
-
|
-
|
Issue in KeePassXC 2.7.7 allows an attacker to recover some passwords stored in the .kdbx database.
New
|
-
|
CVE-2024-33901
|
2024-05-21 06:15 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
9
|
- |
-
|
-
|
-
|
KeePassXC 2.7.7 allows attackers to recover cleartext credentials.
New
|
-
|
CVE-2024-33900
|
2024-05-21 06:15 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
10
|
7.9 |
HIGH
Adjacent
|
-
|
-
|
The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction are required to exploit t…
New
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2024-29000
|
2024-05-21 04:34 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
11
|
- |
-
|
-
|
-
|
Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv.
New
|
-
|
CVE-2024-35580
|
2024-05-21 04:34 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
12
|
- |
-
|
-
|
-
|
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv.
New
|
-
|
CVE-2024-35579
|
2024-05-21 04:34 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
13
|
- |
-
|
-
|
-
|
Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv.
New
|
-
|
CVE-2024-35578
|
2024-05-21 04:34 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
14
|
- |
-
|
-
|
-
|
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv.
New
|
-
|
CVE-2024-35576
|
2024-05-21 04:34 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
15
|
- |
-
|
-
|
-
|
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.
New
|
-
|
CVE-2024-35571
|
2024-05-21 04:34 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
16
|
- |
-
|
-
|
-
|
likeshop 2.5.7 is vulnerable to SQL Injection via the getOrderList function.
New
|
-
|
CVE-2024-34949
|
2024-05-21 04:34 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
17
|
- |
-
|
-
|
-
|
smanga 3.2.7 does not filter the file parameter at the PHP/get file flow.php interface, resulting in a path traversal vulnerability that can cause arbitrary file reading.
New
|
-
|
CVE-2024-34193
|
2024-05-21 04:34 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
18
|
- |
-
|
-
|
-
|
Buffer Overflow vulnerability in Waxlab wax v.0.9-3 and before allows an attacker to cause a denial of service via the Lua library component.
New
|
-
|
CVE-2024-31714
|
2024-05-21 04:34 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
19
|
- |
-
|
-
|
-
|
A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the `bundle()`, `parse()`, `resolve()`, `dereference()` …
New
|
-
|
CVE-2024-29651
|
2024-05-21 04:34 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
20
|
- |
-
|
-
|
-
|
A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js.
New
|
-
|
CVE-2024-24293
|
2024-05-21 04:34 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
21
|
- |
-
|
-
|
-
|
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while getting file server details.
New
|
-
|
CVE-2023-49335
|
2024-05-21 04:34 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
22
|
- |
-
|
-
|
-
|
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while exporting a full summary report.
New
|
-
|
CVE-2023-49334
|
2024-05-21 04:34 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
23
|
- |
-
|
-
|
-
|
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the dashboard graph feature.
New
|
-
|
CVE-2023-49333
|
2024-05-21 04:34 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
24
|
- |
-
|
-
|
-
|
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while adding file shares.
New
|
-
|
CVE-2023-49332
|
2024-05-21 04:34 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
25
|
- |
-
|
-
|
-
|
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection in the aggregate reports search option.
New
|
-
|
CVE-2023-49331
|
2024-05-21 04:34 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
26
|
- |
-
|
-
|
-
|
An issue in Quanxun Huiju Network Technology(Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 allows attackers to cause a Denial of Service (DoS) when attempting to make TCP connections.
New
|
-
|
CVE-2024-34948
|
2024-05-21 04:34 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
27
|
- |
-
|
-
|
-
|
Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect attack.
New
|
-
|
CVE-2024-34947
|
2024-05-21 04:34 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
28
|
- |
-
|
-
|
-
|
A Prototype Pollution issue in Blackprint @blackprint/engine v.0.9.0 allows an attacker to execute arbitrary code via the _utils.setDeepProperty function of engine.min.js.
New
|
-
|
CVE-2024-24294
|
2024-05-21 04:34 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
29
|
- |
-
|
-
|
-
|
ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a c…
New
|
-
|
CVE-2024-0401
|
2024-05-21 04:34 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
30
|
- |
-
|
-
|
-
|
Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execu…
Update
|
-
|
CVE-2024-34338
|
2024-05-21 04:15 |
2024-05-15 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
31
|
- |
-
|
-
|
-
|
Zoho ManageEngine ADAudit Plus versions below 7271 allow SQL injection while getting aggregate report data.
New
|
-
|
CVE-2023-49330
|
2024-05-21 03:15 |
2024-05-20 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
32
|
- |
-
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Update
|
-
|
CVE-2024-4642
|
2024-05-21 02:15 |
2024-05-16 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
33
|
- |
-
|
-
|
-
|
An Improper Access Control vulnerability exists in lunary-ai/lunary version 1.2.2, where users can view and update any prompts in any projects due to insufficient access control checks in the handlin…
New
|
CWE-284
Improper Access Control
|
CVE-2024-4151
|
2024-05-21 00:17 |
2024-05-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
34
|
- |
-
|
-
|
-
|
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited.
New
|
-
|
CVE-2024-3482
|
2024-05-21 00:17 |
2024-05-20 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
35
|
- |
-
|
-
|
-
|
An issue in taurusxin ncmdump v1.3.2 allows attackers to cause a Denial of Service (DoS) via memory exhaustion by supplying a crafted .ncm file.
New
|
-
|
CVE-2024-34953
|
2024-05-21 00:17 |
2024-05-20 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
36
|
- |
-
|
-
|
-
|
taurusxin ncmdump v1.3.2 was discovered to contain a segmentation violation via the NeteaseCrypt::FixMetadata() function at /src/ncmcrypt.cpp. This vulnerability allows attackers to cause a Denial of…
New
|
-
|
CVE-2024-34952
|
2024-05-21 00:17 |
2024-05-20 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
37
|
- |
-
|
-
|
-
|
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited.
New
|
-
|
CVE-2024-2835
|
2024-05-21 00:17 |
2024-05-20 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
38
|
- |
-
|
-
|
-
|
In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an …
New
|
CWE-20
Improper Input Validation
|
CVE-2024-4287
|
2024-05-21 00:17 |
2024-05-20 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
39
|
- |
-
|
-
|
-
|
Zoho ManageEngine PAM360 version 6601 is affected by an authorization vulnerability that allows a low-privileged user to perform admin actions.
Note: This vulnerability affects only the PAM360 6600 v…
New
|
-
|
CVE-2024-27312
|
2024-05-21 00:17 |
2024-05-20 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
40
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2024-4761
|
2024-05-20 23:08 |
2024-05-15 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
41
|
- |
-
|
-
|
-
|
A memory corruption vulnerability exists in Fluent Bit versions 2.0.7 through 3.0.3. This issue lies in the embedded HTTP server’s parsing of trace requests and may result in denial of service conditions, info…
New
|
-
|
CVE-2024-4323
|
2024-05-20 22:00 |
2024-05-20 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
42
|
- |
-
|
-
|
-
|
A vulnerability classified as problematic was found in PHPGurukul Directory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php of t…
New
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2024-5137
|
2024-05-20 22:00 |
2024-05-20 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
43
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ax25: Fix netdev refcount issue
The dev_tracker is added to ax25_cb in ax25_bind(). When the
ax25 device is detaching, the dev_tr…
New
|
-
|
CVE-2024-36009
|
2024-05-20 22:00 |
2024-05-20 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
44
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ipv4: check for NULL idev in ip_route_use_hint()
syzbot was able to trigger a NULL deref in fib_validate_source()
in an old tree …
New
|
-
|
CVE-2024-36008
|
2024-05-20 22:00 |
2024-05-20 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
45
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
mm/hugetlb: fix missing hugetlb_lock for resv uncharge
There is a recent report on UFFDIO_COPY over hugetlb:
https://lore.kernel…
New
|
-
|
CVE-2024-36000
|
2024-05-20 22:00 |
2024-05-20 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
46
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
smb3: missing lock when picking channel
Coverity spotted a place where we should have been holding the
channel lock when accessin…
New
|
-
|
CVE-2024-35999
|
2024-05-20 22:00 |
2024-05-20 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
47
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
smb3: fix lock ordering potential deadlock in cifs_sync_mid_result
Coverity spotted that the cifs_sync_mid_result function could …
New
|
-
|
CVE-2024-35998
|
2024-05-20 22:00 |
2024-05-20 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
48
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_tcam: Fix warning during rehash
As previously explained, the rehash delayed work migrates filters from
one re…
New
|
-
|
CVE-2024-36007
|
2024-05-20 22:00 |
2024-05-20 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
49
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_tcam: Fix incorrect list API usage
Both the function that migrates all the chunks within a region and the
fun…
New
|
-
|
CVE-2024-36006
|
2024-05-20 22:00 |
2024-05-20 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
50
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: honor table dormant flag from netdev release event path
Check for table dormant flag otherwise netdev relea…
New
|
-
|
CVE-2024-36005
|
2024-05-20 22:00 |
2024-05-20 |
View
|
GitHub
Exploit DB
Packet Storm
|
|