Total
271657 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-43785 | 2024-08-23 | N/A | 2.5 LOW | ||
gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gitoxide-core, which provides most underlying functionality of the gix and ein commands, does not neutralize newlines, backspaces, or control characters—including those that form ANSI escape sequences—that appear in a repository's paths, author and committer names, commit messages, or other metadata. Such text may be written as part of the output of a command, as well as appearing in error messages when an operation fails. This sometimes allows an untrusted repository to misrepresent its contents and to alter or concoct error messages. | |||||
CVE-2024-43787 | 2024-08-23 | N/A | 5.0 MEDIUM | ||
Hono is a Web application framework that provides support for any JavaScript runtime. Hono CSRF middleware can be bypassed using crafted Content-Type header. MIME types are case insensitive, but isRequestedByFormElementRe only matches lower-case. As a result, attacker can bypass csrf middleware using upper-case form-like MIME type. This vulnerability is fixed in 4.5.8. | |||||
CVE-2024-42762 | 2024-08-23 | N/A | 5.4 MEDIUM | ||
A Stored Cross Site Scripting (XSS) vulnerability was found in "/history.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the Name, Phone, and Email parameter fields. | |||||
CVE-2024-43883 | 2024-08-23 | N/A | N/A | ||
In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the driver carries stale pointers to references that can still be used. Make sure that does not happen. This strictly speaking closes ZDI-CAN-22273, though there may be similar races in the driver. | |||||
CVE-2024-42767 | 2024-08-23 | N/A | 7.2 HIGH | ||
Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php. | |||||
CVE-2024-42770 | 2024-08-23 | N/A | 4.7 MEDIUM | ||
A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_email" parameter. | |||||
CVE-2024-7986 | 2024-08-23 | N/A | N/A | ||
A vulnerability exists in the Rockwell Automation ThinManager® ThinServer that allows a threat actor to disclose sensitive information. A threat actor can exploit this vulnerability by abusing the ThinServer™ service to read arbitrary files by creating a junction that points to the target directory. | |||||
CVE-2024-32939 | 1 Mattermost | 1 Mattermost | 2024-08-23 | N/A | 3.7 LOW |
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visible in the local server." | |||||
CVE-2024-39810 | 1 Mattermost | 1 Mattermost | 2024-08-23 | N/A | 4.9 MEDIUM |
Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, after testing the connection, cause the application to crash. | |||||
CVE-2024-39836 | 1 Mattermost | 1 Mattermost | 2024-08-23 | N/A | 6.5 MEDIUM |
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged email addresses, created by shared channels, to be used to receive email notifications and to reset passwords, when they are valid, functional emails. | |||||
CVE-2024-42782 | 1 Lopalopa | 1 Music Management System | 2024-08-23 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter. | |||||
CVE-2024-42781 | 1 Lopalopa | 1 Music Management System | 2024-08-23 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email parameter. | |||||
CVE-2024-7330 | 1 Youdiancms | 1 Youdiancms | 2024-08-23 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability has been found in YouDianCMS 7 and classified as critical. Affected by this vulnerability is the function curl_exec of the file /App/Core/Extend/Function/ydLib.php. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273253 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-42780 | 1 Lopalopa | 1 Music Management System | 2024-08-23 | N/A | 8.8 HIGH |
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
CVE-2024-40886 | 1 Mattermost | 1 Mattermost | 2024-08-23 | N/A | 8.8 HIGH |
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in User Management page of the system console. | |||||
CVE-2024-42777 | 1 Lopalopa | 1 Music Management System | 2024-08-23 | N/A | 9.8 CRITICAL |
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
CVE-2024-42779 | 1 Lopalopa | 1 Music Management System | 2024-08-23 | N/A | 8.8 HIGH |
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
CVE-2024-42411 | 1 Mattermost | 1 Mattermost | 2024-08-23 | N/A | 5.3 MEDIUM |
Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to restrict the input in POST /api/v4/users which allows a user to manipulate the creation date in POST /api/v4/users tricking the admin into believing their account is much older. | |||||
CVE-2024-43813 | 1 Mattermost | 1 Mattermost | 2024-08-23 | N/A | 4.3 MEDIUM |
Mattermost versions 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 fail to enforce proper access controls which allows any authenticated user, including guests, to mark any channel inside any team as read for any user. | |||||
CVE-2024-42564 | 2024-08-23 | N/A | 7.6 HIGH | ||
ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/inventory/delete?action=delete. |