CVE-2024-48450
An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into chat group...
CVE-2024-48448
An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into the tracker comments page...
CVE-2024-48448
CVE-2024-48448 affects Huly Platform v0.6.295. The vulnerability is an arbitrary file upload that enables code execution by uploading a crafted HTML file to the tracker comments page. The available documents consistently identify the affected version and the file-upload vector but do not provide ...
CVE-2024-48450
CVE-2024-48450 affects Huly Platform v0.6.295. The issue is an arbitrary file upload vulnerability that enables an attacker to execute arbitrary code by uploading a crafted HTML file into a chat group. The available documents do not provide details on root cause beyond the upload mechanism, affec...
CVE-2024-46482
An arbitrary file upload vulnerability in the Ticket Generation function of Ladybird Web Solution Faveo-Helpdesk v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .html or .svg file...
CVE-2024-10099 Stored XSS in comfyanonymous/comfyui
A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the /api/upload/image endpoint. The payload is executed when the file is viewe...
CVE-2024-10099
CVE-2024-10099 is a stored XSS in comfyanonymous/comfyui triggered by uploading an HTML image via /api/upload/image and executing when viewed through /view. Affected versions cited include 0.2.2 and possibly earlier; some sources also reference up to 0.3.39, indicating broader impact across multi...
PT-2024-16025 · Comfyui · Comfyui
Name of the Vulnerable Software and Affected Versions: comfyanonymous/comfyui version 0.2.2 and possibly earlier. Description: A stored cross-site scripting (XSS) issue exists, allowing an attacker to upload an HTML file with a malicious XSS payload via the "/api/upload/image" endpoint. The payload ...
ComfyUI Cross-Site Scripting Vulnerability
ComfyUI is a powerful and modular diffusion model GUI and backend by the individual developer comfyanonymous. A cross-site scripting vulnerability exists in ComfyUI version 0.2.2 and prior versions, which can be exploited by an attacker to cause arbitrary JavaScript code to be execute...
Microsoft Office NTLMv2 Disclosure
Exploit Title: Microsoft Office NTLMv2 Disclosure Vulnerability Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.office.com/ Software Link: https://www.office.com/ Details: https://github.com/passtheticket/CVE-2024-38200 Version: Microsoft Office 2019 MSO Build 1808...
ROS-20240917-01
A vulnerability in the user tabs of the Google Chrome and Microsoft Edge browsers is related to incorrect security checks for standard elements. Exploitation of the vulnerability could allow an attacker, acting remotely, to spoof the user interface with a specially crafted HTML page. generated HTM...
CVE-2024-42563
An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file...
CVE-2024-42563
CVE-2024-42563 concerns an arbitrary file upload vulnerability in ERP, tied to commit 44bd04. The issue enables attackers to execute arbitrary code by uploading a crafted HTML file through the ERP upload functionality. The impact is high (remote, no authentication, code execution, high confidenti...