9.3
CVE-2024-56330 - Session VNC may be accessed by other sessions on the same host in stardust
Stardust is a platform for streaming isolated desktop containers. With this exploit, inter-container communication (ICC) is not disabled. This would allow users within a container to access another container's agent, therefore compromising access. The problem has been patched in any Stardust build pa…
6.9
CVE-2024-12842 - Emlog Pro user.php cross site scripting
A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed …
8.9
CVE-2024-56329 - Account Takeover Vulnerability in Social Account Linking in joelbutcher/socialstream
Socialstream is a third-party package for Laravel Jetstream. It replaces the published authentication and profile scaffolding provided by Laravel Jetstream, with scaffolding that has support for Laravel Socialite. When linking a social account to an already authenticated user, the lack of a confirm…
9.4
CVE-2024-56333 - Remote code execution in onyxia-api
Onyxia is a web app that aims at being the glue between multiple open source backend technologies to provide a state of art working environment for data scientists. This critical vulnerability allows authenticated users to remotely execute code within the Onyxia-API, leading to potential consequenc…
6.8
CVE-2024-56331 - Local File Inclusion (LFI) via Improper URL Handling in uptime-kuma's `Real-Browser` monitor
Uptime Kuma is an open source, self-hosted monitoring tool. An **Improper URL Handling Vulnerability** allows an attacker to access sensitive local files on the server by exploiting the `file:///` protocol. This vulnerability is triggered via the **"real-browser"** request type, which takes a scree…
8.8
CVE-2024-12867 - Server-Side Request Forgery in Arctic Hub URL Mapper allows an unauthenticated remote attacker to e…
Server-Side Request Forgery in URL Mapper in Arctic Security's Arctic Hub versions 3.0.1764-5.6.1877 allows an unauthenticated remote attacker to exfiltrate and modify configurations and data.
6.9
CVE-2024-12841 - Emlog Pro tag.php cross site scripting
A vulnerability was found in Emlog Pro up to 2.4.1. It has been classified as problematic. This affects an unknown part of the file /admin/tag.php. The manipulation of the argument keyword leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed …
8.5
CVE-2024-12677 - Delta Electronics DTM Soft Deserialization of Untrusted Data
Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute arbitrary code.
8.6
CVE-2024-10385 - Stored XSS in DirectAdmin Evo Skin
Ticket management system in DirectAdmin Evolution Skin is vulnerable to XSS (Cross-site Scripting), which allows a low-privileged user to inject and store malicious JavaScript code. If an admin views the ticket, the script might perform actions with their privileges, including command execution. T…
9.8
CVE-2024-56337 - Apache Tomcat: RCE due to TOCTOU issue in JSP compilation - CVE-2024-50379 mitigation was incomplete
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The following versions were EOL at the time the CVE was created but are known to be affe…