GHSA-22XM-W7R2-834Q FastAPI Admin cross-site scripting (XSS) vulnerability in the Create Product function
A cross-site scripting (XSS) vulnerability in the Create Product function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter...
CVE-2024-42816
A cross-site scripting (XSS) vulnerability in the Create Product function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter...
CVE-2024-42818
A cross-site scripting (XSS) vulnerability in the Config-Create function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter...
PT-2024-30176 · Unknown · Fastapi-Admin Pro
Name of the Vulnerable Software and Affected Versions: fastapi-admin pro version 0.1.4 Description: A cross-site scripting (XSS) vulnerability in the Config-Create function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter...
CVE-2024-42818
CVE-2024-42818 is a cross-site scripting (XSS) vulnerability in the Config-Create function of fastapi-admin pro v0.1.4, allowing injection of arbitrary scripts/HTML via the Product Name parameter. Multiple connected sources corroborate the issue and its scope. Public data do not specify a confirm...
PT-2024-30175 · Unknown · Fastapi-Admin
Name of the Vulnerable Software and Affected Versions: fastapi-admin pro version 0.1.4 Description: A cross-site scripting (XSS) vulnerability in the Create Product function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter...
PT-2024-30427 · Mediavine · Create By Mediavine
Name of the Vulnerable Software and Affected Versions: Create by Mediavine versions 1.9.8 and earlier Description: This issue exposes sensitive information to unauthorized actors. Users are urged to upgrade to the latest version to mitigate risks. Recommendations: For versions 1.9.8 and earlier,...
Enjin: Race Condition on Create API Function
Race Condition on Create API Function A race condition was discovered that allowed users to submit multiple requests within rapid succession to create additional keys beyond the defined limit on the Enjin Platform Cloud service...
SUSE CVE-2022-48932
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte When adding a rule with 32 destinations, we hit the following out-of-band access issue: BUG: KASAN: slab-out-of-bounds in mlx5_cmd_dr_create_fte+0x18ee/0x1e70 This patch fixe...
DEBIAN-CVE-2022-48932
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte When adding a rule with 32 destinations, we hit the following out-of-band access issue: BUG: KASAN: slab-out-of-bounds in mlx5_cmd_dr_create_fte+0x18ee/0x1e70 This patch fixe...
SUSE CVE-2022-48873
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Don't remove map on creater_process and device_release Do not remove the map from the list on error path in fastrpc_init_create_process, instead call fastrpc_map_put, to avoid use-after-free. Do not remove it on...
PT-2024-28691 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.8.x through 9.8.2 Mattermost versions 9.9.x through 9.9.1 Mattermost versions 9.5.x through 9.5.7 Mattermost versions 9.10.x through 9.10.0 Description: The issue allows remote/synthetic users to create sessions or reset...
CVE-2022-48873 misc: fastrpc: Don't remove map on creater_process and device_release
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Don't remove map on creater_process and device_release Do not remove the map from the list on error path in fastrpc_init_create_process, instead call fastrpc_map_put, to avoid use-after-free. Do not remove it on...
CVE-2024-7945 itsourcecode Laravel Property Management System Notes Page create cross site scripting
A vulnerability was found in itsourcecode Laravel Property Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/notes/create of the component Notes Page. The manipulation of the argument Note text leads to cross...
CVE-2024-7945
CVE-2024-7945 affects itsourcecode Laravel Property Management System 1.0. The vulnerability is a cross-site scripting flaw in the Notes Page component, specifically the /admin/notes/create functionality, caused by unsafely handling the Note text argument. Attack is described as remote and public...
itsourcecode Laravel Property Management System cross-site scripting vulnerability
Laravel Property Management System is an itsourcecode open source property management system. A cross-site scripting vulnerability exists in version 1.0 of itsourcecode Laravel Property Management System, which originates from a cross-site scripting vulnerability in the Note text parameter of the...
SUSE CVE-2024-43834
In the Linux kernel, the following vulnerability has been resolved: xdp: fix invalid wait context of page_pool_destroy If the driver uses a page pool, it creates a page pool with page_pool_create. The reference count of page pool is 1 as default. A page pool will be destroyed only when a reference...
OSV-2024-1031 Use-of-uninitialized-value in Http3FrameFactory::create
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42537939 Crash type: Use-of-uninitialized-value Crash state: Http3FrameFactory::create Http3FrameFactory::fastcreate fuzzhttp3frame.cc...
UBUNTU-CVE-2024-42295
In the Linux kernel, the following vulnerability has been resolved: nilfs2: handle inconsistent state in nilfs_btnode_create_block Syzbot reported that a buffer state inconsistency was detected in nilfs_btnode_create_block, triggering a kernel bug. It is not appropriate to treat this inconsistency as a...