CVE-2024-5933 Cross-site Scripting (XSS) in parisneo/lollms-webui

A Cross-site Scripting XSS vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser...

CVE-2024-5933 Cross-site Scripting (XSS) in parisneo/lollms-webui

A Cross-site Scripting XSS vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser...

EUVD-2024-47139

In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information...

PT-2024-33932 · Ipswitch · Whatsup Gold

Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2023.1.3 Description: A vulnerability exists in the TestController functionality, allowing a specially crafted unauthenticated HTTP request to disclose sensitive information. Recommendations: For versions prior ...

CVE-2024-38373

FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the...

CVE-2024-38373

CVE-2024-38373 affects FreeRTOS-Plus-TCP, specifically versions 4.0.0 through 4.1.0. The issue is a buffer over-read in the DNS Response Parser when processing domain names in a DNS response, which can allow reading beyond the DNS response buffer if a crafted response uses a domain name length va...

CVE-2024-38373 FreeRTOS-Plus-TCP Buffer Over-Read in DNS Response Parser

FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the...

CVE-2024-21516

This affects versions of the package opencart/opencart from 4.0.0.0 and before 4.1.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The...

CVE-2024-21516

This affects versions of the package opencart/opencart from 4.0.0.0 and before 4.1.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The...

CVE-2024-37675

Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded file...

Cross-site Scripting (XSS)

TYPO3 is vulnerable to cross-site scripting XSS. The vulnerability is due to improper handling of t3:// URLs and typolink functionality, affecting both backend forms and frontend extensions that use typolink rendering...

CVE-2024-38394

Mismatches in interpreting USB authorization policy between GNOME Settings Daemon GSD through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and...

GNOME Security Vulnerabilities

GNOME is the GNOME open source suite of purely free computer software. It is used to provide a graphical desktop environment. A security vulnerability exists in GNOME Settings Daemon 46.0 and earlier versions, which stems from a mismatch in authorization policy that allows a physically proximate...

CVE-2024-6015

The CVE-2024-6015 entry concerns itsourcecode Online House Rental System 1.0, where an unknown function in manage_user.php allows SQL injection via the month_of argument. The vulnerability is exploitable remotely, with public disclosure and various attestations across sources (NVD/NVDCentric entr...

CVE-2024-38394

Mismatches in interpreting USB authorization policy between GNOME Settings Daemon GSD through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and...

CVE-2024-31161

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system...

CVE-2024-5898

A vulnerability was found in itsourcecode Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file printpayroll.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has...

CVE-2024-5905

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability...

CVE-2024-37037

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ‘Path Traversal’ vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request...

CVE-2024-37037

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ‘Path Traversal’ vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request...