7.2
CVE-2024-8957 - PTZOptics NDI and SDI Cameras Command Injection via NTP Address Configuration
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthβ¦
6.4
CVE-2024-45812 - DOM Clobbering gadget found in vite bundled scripts that leads to XSS in Vite
Vite a frontend build tooling framework for javascript. Affected versions of vite were discovered to contain a DOM Clobbering vulnerability when building scripts to `cjs`/`iife`/`umd` output format. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scβ¦
5.3
CVE-2024-8951 - SourceCodester Resort Reservation System manage_fee.php cross site scripting
A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_fee.php. The manipulation of the argument toview leads to cross site scripting. The attack can be launched remotely. Theβ¦
9.1
CVE-2024-8956 - PTZOptics NDI and SDI Cameras /cgi-bin/param.cgi Insufficient Authentication
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leaβ¦
4.3
CVE-2024-45604 - Directory traversal in the file selector widget in contao/core-bundle
Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability.
8.3
CVE-2024-45398 - Remote command execution through file upload in contao/core-bundle
Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does nβ¦
6.5
CVE-2024-45605 - Improper authorization on deletion of user issue alert notifications in sentry
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notificatβ¦
7.1
CVE-2024-45606 - Improper authorization on muting of alert rules in sentry
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we β¦
5.3
CVE-2024-8949 - SourceCodester Online Eyewear Shop Cart Content Master.php improper ownership management
A vulnerability classified as critical has been found in SourceCodester Online Eyewear Shop 1.0. This affects an unknown part of the file /classes/Master.php of the component Cart Content Handler. The manipulation of the argument cart_id/id leads to improper ownership management. It is possible to β¦
6.9
CVE-2024-8948 - MicroPython objint.c mpz_as_bytes heap-based overflow
A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpz_as_bytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and maβ¦