3.5

CVSS3.1

CVE-2024-3612 - SourceCodester Warehouse Management System barang.php cross site scripting

A vulnerability was found in SourceCodester Warehouse Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file barang.php. The manipulation of the argument nama_barang/merek leads to cross site scripting. The attack can be la…

πŸ“… Published: April 10, 2024, 11:31 p.m. πŸ”„ Last Modified: Feb. 18, 2025, 5:46 p.m.

2.2

CVSS3.1

CVE-2024-32001 - SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used

SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: `relation folder: folder | folder#parent` with an arrow such as `folder->view` can cause LookupSubjects to only return the subjects found under subjects for either `folder` or `f…

πŸ“… Published: April 10, 2024, 10:25 p.m. πŸ”„ Last Modified: Sept. 2, 2025, 7:25 p.m.

7.4

CVSS3.1

CVE-2024-31999 - @fastify/secure-session: Reuse of destroyed secure session cookie

@festify/secure-session creates a secure stateless cookie session for Fastify. At the end of the request handling, it will encrypt all data in the session with a secret key and attach the ciphertext as a cookie value with the defined cookie name. After that, the session on the server side is destro…

πŸ“… Published: April 10, 2024, 9:59 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

4.3

CVSS3.1

CVE-2024-31995 - zcap has incomplete expiration checks in capability chains.

`@digitalbazaar/zcap` provides JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the `expires` property is not properly checked against the current …

πŸ“… Published: April 10, 2024, 9:57 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

10

CVSS3.1

CVE-2024-31997 - XWiki Platform remote code execution from account through UIExtension parameters

XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user's own profile can create UI extensions. This…

πŸ“… Published: April 10, 2024, 9:55 p.m. πŸ”„ Last Modified: Jan. 9, 2025, 7:02 p.m.

10

CVSS3.1

CVE-2024-31996 - XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution

XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn't escape `{`, which, when used in certain places, allows XWiki syntax injection and thereby remote code executio…

πŸ“… Published: April 10, 2024, 8:46 p.m. πŸ”„ Last Modified: Jan. 9, 2025, 6:50 p.m.

9.7

CVSS3.1

CVE-2024-31988 - XWiki Platform CSRF remote code execution through the realtime HTML Converter API

XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, when the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by …

πŸ“… Published: April 10, 2024, 8:40 p.m. πŸ”„ Last Modified: Feb. 21, 2025, 5:03 p.m.

0.0

CVE-2023-7255 -

Assigned as duplicate and no longer used.

πŸ“… Published: April 10, 2024, 8:40 p.m. πŸ”„ Last Modified: Dec. 3, 2024, 6:15 p.m.

10

CVSS3.1

CVE-2024-31987 - XWiki Platform remote code execution from account via custom skins support

XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that is executed with programming right, thus allowing remote cod…

πŸ“… Published: April 10, 2024, 8:32 p.m. πŸ”„ Last Modified: Jan. 21, 2025, 3:35 p.m.

9.1

CVSS3.1

CVE-2024-31986 - XWiki Platform CSRF remote code execution through scheduler job's document reference

XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a special crafted documented reference and an `XWiki.SchedulerJobClass` XObject, it is possible to execute arbitrary code on the server whenever an a…

πŸ“… Published: April 10, 2024, 8:27 p.m. πŸ”„ Last Modified: Jan. 21, 2025, 3:43 p.m.
Total resulsts: 349182
Page 10328 of 34,919
Β« previous page Β» next page
Filters