6.9
CVE-2024-11673 - 1000 Projects Bookstore Management System cross-site request forgery
A vulnerability, which was classified as problematic, has been found in 1000 Projects Bookstore Management System 1.0. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the publicโฆ
7.3
CVE-2024-53268 - Lack of validation on openExternal allows 1 click remote code execution in joplin
Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected versions attackers are able to abuse the fact that openExternal is used without any filtering of URI schemes to obtain remote code execution in Windows environmenโฆ
7.1
CVE-2024-53258 - download_all_submissions allows student to download another student's submissions in Autolab
Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the download_all_submissions feature. This can allow for leakage of submissiโฆ
2
CVE-2024-53261 - Cross-Site Scripting attack (XSS) on dev mode 404 page in SvelteKit
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. "Unsanitized input from *the request URL* flows into `end`, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS)." The files `packages/kiโฆ
2
CVE-2024-53262 - Unescaped error message included on error page in SvelteKit
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. The static error.html template for errors contains placeholders that are replaced without escaping the content first. error.html is the page that is rendered when everything else fails. It can contain โฆ
5.3
CVE-2024-53255 - Reflected Cross-site Scripting in /admin?page=media via file Parameter in BoidCMS
BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed using PHP and uses JSON as a database. In affected versions a reflected Cross-site Scripting (XSS) vulnerability exists in the /admin?page=media endpoint in the file parameter, allowing an attacker to โฆ
8.2
CVE-2024-52811 - Acks not validated before logged to qlog leads to buffer overflow in ngtcp2
The ngtcp2 project is an effort to implement IETF QUIC protocol in C. In affected versions acks are not validated before being written to the qlog leading to a buffer overflow. In `ngtcp2_conn::conn_recv_pkt` for an ACK, there was new logic that got added to skip `conn_recv_ack` if an ack has alreaโฆ
5.8
CVE-2024-52529 - Layer 7 policy enforcement may not occur in policies with wildcarded port ranges in Cilium
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a specific port within the first policy's range โฆ
5.4
CVE-2024-32468 - Improper neutralization of input during web page generation ("Cross-site Scripting") in deno_doc HTโฆ
Deno is a runtime for JavaScript and TypeScript written in rust. Several cross-site scripting vulnerabilities existed in the `deno_doc` crate which lead to Self-XSS with deno doc --html. 1.) XSS in generated `search_index.js`, `deno_doc` outputs a JavaScript file for searching. However, the generatโฆ
4.6
CVE-2024-51723 - Vulnerability in Management Console Impacts BlackBerry AtHoc
A Stored Cross-Site Scripting (XSS) vulnerability in the Management Console of BlackBerry AtHoc version 7.15 could allow an attacker to potentially execute actions in the context of the victim's session.