5.3
CVE-2024-9620 - Event-driven automation in ansible automation platform (aap): ansible event-driven automation (eda)β¦
A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An attacker with system accesβ¦
7.5
CVE-2024-43484 - .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
0.0
CVE-2024-48261 -
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-48251. Reason: This candidate is a reservation duplicate of CVE-2024-48251. Notes: All CVE users should reference CVE-2024-48251 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidentaβ¦
6.2
CVE-2024-47969 -
Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service.
5.3
CVE-2024-47781 - Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki
CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS payloadβ¦
7.6
CVE-2024-47782 - Cross-site Scripting (XSS) in Special:WikiDiscover when displaying wiki information in WikiDiscover
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page does not make any effort to escape the wiki name or description. Therefore, if a wiki sets its name β¦
5.3
CVE-2024-47817 - Unvalidated paragraph widget values can be used for Cross-site Scripting in lara-zeus
Lara-zeus Dynamic Dashboard simple way to manage widgets for your website landing page, and filament dashboard and Lara-zeus artemis is a collection of themes for the lara-zeus ecosystem. If values passed to a paragraph widget are not valid and contain a specific set of characters, applications areβ¦
4.4
CVE-2024-47968 -
Improper resource shutdown in middle of certain operations on some Solidigm DC Products may allow an attacker to potentially enable denial of service.
3.9
CVE-2024-47814 - use-after-free when closing buffers in Vim
Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the usβ¦
6.5
CVE-2024-47818 - Logged-in users with any role can delete arbitrary files in @saltcorn/server
Saltcorn is an extensible, open source, no-code database application builder. A logged-in user with any role can delete arbitrary files on the filesystem by calling the `sync/clean_sync_dir` endpoint. The `dir_name` POST parameter is not validated/sanitized and is used to construct the `syncDir` thβ¦