3.5
CVE-2024-6620 -
Honeywell PC42t, PC42tp, and PC42d Printers, T10.19.020016 to T10.20.060398, contain a cross-site scripting vulnerability. An attacker could potentially inject malicious code which may lead to information disclosure, session theft, or client-side request forgery. Honeywell recommends updating to …
5.4
CVE-2024-6578 - Stored XSS in aimhubio/aim
A stored cross-site scripting (XSS) vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed using the `dangerouslySetInnerHTML` f…
5.4
CVE-2024-6727 - Broken Access Control in Delphix
A flaw in versions of Delphix Data Control Tower (DCT) prior to 19.0.0 results in broken authentication through the enable-scale-testing functionality of the application.
8.8
CVE-2024-6726 - Remote Code Execution (RCE) in Delphix
Versions of Delphix Engine prior to Release 25.0.0.0 contain a flaw which results in Remote Code Execution (RCE).
8.3
CVE-2024-6748 - SQL Injection
Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and RMM versions 128317 and below are vulnerable to authenticated SQL injection in the URL monitoring.
8.7
CVE-2024-41819 - Note Mark has a stored XSS in the note link href attribute
Note Mark is a web-based Markdown notes app. A stored cross-site scripting (XSS) vulnerability in Note Mark allows attackers to execute arbitrary web scripts via a crafted payload injected into the URL value of a link in the markdown content. This vulnerability is fixed in 0.13.1.
6.1
CVE-2024-41810 - HTML injection in HTTP redirect body
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Script…
8.4
CVE-2024-41799 - tgstation-server's DreamMaker environment files outside the deployment directory can be compiled an…
tgstation-server is a production scale tool for BYOND server management. Prior to 6.8.0, low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via tgstation-ser…
4.1
CVE-2024-41676 - Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs
Magento-lts is a long-term support alternative to Magento Community Edition (CE). This XSS vulnerability affects the design/header/welcome, design/header/logo_src, design/header/logo_src_small, and design/header/logo_alt system configs. They are intended to enable admins to set a text in the two cas…
8.3
CVE-2024-41671 - twisted.web has disordered HTTP pipeline response
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.