Lucene search
+L

213 matches found

Cvelist
Cvelist
added 2024/11/08 10:28 p.m.23 views

CVE-2024-52007 XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

8.6CVSS0.00918EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/11/04 10:42 p.m.22 views

CVE-2024-51502 Panic Vulnerability in loona-hpack

loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. loona-hpack suffers from the same vulnerability as the original hpack as documented in issue 11. All users who try to decode untrusted input using the Decoder are vulnerable to this exploit. This issue has be...

5.1CVSS0.0046EPSS
Exploits0References3
OSV
OSV
added 2024/10/09 7:15 p.m.8 views

PYSEC-2024-168

Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advis...

6.5CVSS6.4AI score0.00252EPSS
Exploits1References1
OSV
OSV
added 2024/10/09 6:25 p.m.13 views

CVE-2024-47833 Session Cookie without Secure and HTTPOnly flags in taipy

Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. In affected versions session cookies are served without Secure and HTTPOnly flags. This issue has been addressed in release version 4.0.0 and all users are advis...

6.3CVSS6.6AI score0.00252EPSS
Exploits1References3
CVE
CVE
added 2024/10/08 5:54 p.m.123 views

CVE-2024-47822

CVE-2024-47822 – Directus : The issue arises from access tokens in query strings not being redacted when LOG_STYLE is set to raw, allowing potential exposure of long‑lived tokens in system logs. This could enable an attacker with log access to gain administrative control or perform unauthorized d...

4.2CVSS4.9AI score0.00311EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/07 8:45 p.m.17 views

CVE-2024-47610 Stored Cross-site Scripting Vulnerability in Markdown Editor

InvenTree is an Open Source Inventory Management System. In affected versions of InvenTree it is possible for a registered user to store javascript in markdown notes fields, which are then displayed to other logged in users who visit the same page and executed. The vulnerability has been addresse...

7.3CVSS6.5AI score0.00298EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/07 8:38 p.m.22 views

CVE-2024-43365 Stored Cross-site Scripting (XSS) when creating external links in Cacti

Cacti is an open source performance and fault management framework. Theconsolenewsection parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in index.php, finally leading t...

5.7CVSS0.22393EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/10/07 8:38 p.m.17 views

CVE-2024-43365 Stored Cross-site Scripting (XSS) when creating external links in Cacti

Cacti is an open source performance and fault management framework. Theconsolenewsection parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in index.php, finally leading t...

5.7CVSS5.4AI score0.22393EPSS
Exploits1References1
CVE
CVE
added 2024/10/07 8:38 p.m.70 views

CVE-2024-43365

CVE-2024-43365 affects Cacti. The issue is a stored XSS in the consolenewsection parameter when creating external links (links.php), which is saved in the database and reflected in index.php. Exploitation requires user privileges to create external links; input is stored and displayed without pro...

8.2CVSS5.8AI score0.22393EPSS
Exploits1References2Affected Software1
AlpineLinux
AlpineLinux
added 2024/10/07 8:38 p.m.47 views

CVE-2024-43364

Cacti is an open source performance and fault management framework. The title parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in index.php, finally leading to stored XSS. Users wit...

8.2CVSS6.1AI score0.34191EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/10/07 7:55 p.m.19 views

CVE-2024-47079 Unauthorized usage of remote hardware module because of missing channel verification

Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmware implementation for the broader project. The remote hardware module of the firmware does not have proper checks to ensure a remote...

6.4CVSS7.2AI score0.00194EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/19 10:54 p.m.64 views

CVE-2023-27584 Dragonfly2 vulnerable to hard coded cyptographic key

Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation CNCF as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to...

9.8CVSS0.33618EPSS
Exploits1References2
NVD
NVD
added 2024/09/18 6:15 p.m.34 views

CVE-2024-46987

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's downloadprivatefile method allows authenticated users to download any file on the web server Camaleon CMS is running on depending on the file...

7.7CVSS0.1456EPSS
Exploits11References5
NVD
NVD
added 2024/09/18 6:15 p.m.44 views

CVE-2024-46989

spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the same relation can result in no permission being returned when permission is expected. If the resourc...

5.3CVSS0.0029EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/18 5:29 p.m.26 views

CVE-2024-46989 Multiple caveats on resources of the same type can result in no permission when permission is expected

spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the same relation can result in no permission being returned when permission is expected. If the resourc...

3.7CVSS6.8AI score0.0029EPSS
Exploits0References2
CVE
CVE
added 2024/09/18 5:15 p.m.217 views

CVE-2024-46987

CVE-2024-46987 affects Camaleon CMS (Ruby on Rails). A path traversal flaw exists in the MediaController download_private_file endpoint, where the file parameter is not properly sanitized, allowing an authenticated user to read arbitrary server files (information disclosure). Affected versions ar...

7.7CVSS7.4AI score0.1456EPSS
Exploits11References5Affected Software1
OSV
OSV
added 2024/09/18 5:15 p.m.25 views

CVE-2024-46987 Arbitrary path traversal in Camaleon CMS

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's downloadprivatefile method allows authenticated users to download any file on the web server Camaleon CMS is running on depending on the file...

7.7CVSS6.3AI score0.1456EPSS
Exploits11References7
OSV
OSV
added 2024/09/18 5:14 p.m.29 views

CVE-2024-46986 Arbitrary file write leading to RCE in Camaleon CMS

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on...

9.9CVSS7.9AI score0.35461EPSS
Exploits2References7
Cvelist
Cvelist
added 2024/09/16 6:38 p.m.23 views

CVE-2024-32034 Cross-site scripting (XSS) in the decidim admin activity log

decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The admin panel is subject to potential Cross-site scripting XSS attach in case an admin assigns a valuator to a proposal, or does any other action that generates an admi...

6.8CVSS0.00353EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/09/07 12:0 a.m.38 views

FreeBSD : forgejo -- multiple vulnerabilities (a5e13973-6c75-11ef-858b-23eeba13701a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a5e13973-6c75-11ef-858b-23eeba13701a advisory. - Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, y...

6.4CVSS6.6AI score0.00904EPSS
Exploits1References3
Rows per page
Query Builder