Page(s) : 1 ... 7 8 9 10 11 12 13 14 15 16 [17] 18 19 20 21 22 23 24 25 26 27 ... | Result(s) : 293151 |
Alerts
DATE | NAME | CATEGORIES | DETAIL | |
---|---|---|---|---|
N/A | 2024-10-29 | CVE-2024-7475 | cve | An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead... |
9.1 | 2024-10-29 | CVE-2024-7774 | cve | A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the fi... |
7.5 | 2024-10-29 | CVE-2024-7783 | cve | mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used ... |
N/A | 2024-10-29 | CVE-2024-7807 | cve | A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of chara... |
7.5 | 2024-10-29 | CVE-2024-7962 | cve | An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can rea... |
4.3 | 2024-10-29 | CVE-2024-8143 | cve | In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. ... |
N/A | 2024-10-29 | CVE-2024-8309 | cve | A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unautho... |
5.4 | 2024-10-29 | CVE-2024-10226 | cve | The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.... |
6.1 | 2024-10-29 | CVE-2024-47640 | cve | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs WP ERP allows Reflected XSS.This issue affects WP E... |
6.1 | 2024-10-29 | CVE-2024-49632 | cve | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Coral Web Design CWD 3D Image Gallery allows Reflected XSS... |
6.1 | 2024-10-29 | CVE-2024-49634 | cve | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rimon Habib BP Member Type Manager allows Reflected XSS.Th... |
N/A | 2024-10-29 | CVE-2024-51075 | cve | A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/user-search.php in PHPGurukul Online DJ Booking Management System v1.0, which allows remote attacke... |
N/A | 2024-10-29 | CVE-2024-51076 | cve | A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/booking-search.php in PHPGurukul Online DJ Booking Management System 1.0, which allows remote attac... |
5.4 | 2024-10-29 | CVE-2024-9505 | cve | The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and incl... |
N/A | 2024-10-29 | CVE-2024-48921 | cve | Kyverno is a policy engine designed for Kubernetes. A kyverno ClusterPolicy, ie. "disallow-privileged-containers," can be overridden by the creation of a PolicyException in a ra... |
N/A | 2024-10-29 | CVE-2024-49768 | cve | Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a second... |
N/A | 2024-10-29 | CVE-2024-49769 | cve | Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername() wa... |
N/A | 2024-10-29 | CVE-2024-50334 | cve | Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL,... |
8.8 | 2024-10-29 | CVE-2024-10008 | cve | The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization c... |
6.4 | 2024-10-29 | CVE-2024-10000 | cve | The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the question's content parameter... |
Page(s) : 1 ... 7 8 9 10 11 12 13 14 15 16 [17] 18 19 20 21 22 23 24 25 26 27 ... | Result(s) : 293151 |