8.3
CVE-2024-42370 - Litestar repository vulnerable to Environment Variable injection in `docs-preview.yml` workflow
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and prior, Litestar's `docs-preview.yml` workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the perm…
9.8
CVE-2024-42469 - CometVisu Backend for openHAB affected by RCE through path traversal
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require authentication and additionally the endpoint to update an existing file is susceptible to path traversal. Th…
5.3
CVE-2024-42468 - Path traversal (CometVisu)
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. CometVisuServlet in versions prior to 4.2.1 is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTTP GET on the CometV…
10
CVE-2024-42467 - CometVisu Backend for openHAB affected by SSRF/XSS
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, the proxy endpoint of openHAB's CometVisu add-on can be accessed without authentication. This proxy-feature can be exploited as Server-Side Request Forgery …
6.5
CVE-2024-42470 - CometVisu Backend for openHAB has a sensitive information disclosure vulnerability
openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB don't require authentication. This makes it possible for unauthenticated attackers to modify or to s…
4.2
CVE-2024-32765 - QTS, QuTS hero
A vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow local authenticated administrators to gain access to and execute certain functions via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8…
6.3
CVE-2023-38018 - IBM Aspera Shares session fixation
IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574.
6.9
CVE-2024-7645 - SourceCodester Clinics Patient Management System User Page users.php cross-site request forgery
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file users.php of the component User Page. The manipulation leads to cross-site request forgery. The attack can be initiated remotel…
5.3
CVE-2024-7644 - SourceCodester Leads Manager Tool Add Leads add-leads.php cross site scripting
A vulnerability was found in SourceCodester Leads Manager Tool 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-leads.php of the component Add Leads Handler. The manipulation of the argument leads_name/phone_number leads to cross site scripting. It …
5.3
CVE-2024-7643 - SourceCodester Leads Manager Tool Delete Leads delete-leads.php sql injection
A vulnerability was found in SourceCodester Leads Manager Tool 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/delete-leads.php of the component Delete Leads Handler. The manipulation of the argument leads leads to sql injection. The attack…