8.7
CVE-2024-8781 - Container Escape Vulnerability in TR7's Application Security Platform (ASP)
Execution with Unnecessary Privileges, : Improper Protection of Alternate Path vulnerability in TR7 Application Security Platform (ASP) allows Privilege Escalation, -Privilege Abuse.This issue affects Application Security Platform (ASP): v1.4.25.188.
7.5
CVE-2024-11318 - IDOR vulnerability in AbsysNet
An IDOR (Insecure Direct Object Reference) vulnerability has been discovered in AbsysNet, affecting version 2.3.1. This vulnerability could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session identifier on the "/cgi-bin/ocap/" endpoint.
7.1
CVE-2024-9526 - Stored XSS in Kubeflow Pipeline View
There exists a stored XSS Vulnerability in Kubeflow Pipeline View web UI.ย The Kubeflow Web UI allows to create new pipelines. When creating a new pipeline, it is possible to add a description. The description field allows html tags, which are not filtered properly. Leading to a stored XSS. We recomโฆ
8.7
CVE-2024-11303 - Path Traversal
The pathname of the root directory to a Restricted Directory ('Path Traversal') vulnerability in Korenix JetPort 5601 allows Path Traversal.This issue affects JetPort 5601: through 1.2.
8.8
CVE-2024-3370 - SQLi in Egebilgi Software's Website Template
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egebilgi Software Website Template allows SQL Injection.This issue affects Website Template: before 29.04.2024.
6.1
CVE-2024-52318 - Apache Tomcat: Incorrect JSP tag recycling leads to XSS
Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.
4.8
CVE-2024-11319 - Stored XSS in Open Source Project "django-cms"
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS).This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3.
6.5
CVE-2024-52317 - Apache Tomcat: Request/response mix-up with HTTP/2
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat.ย Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.โฆ
9.8
CVE-2024-52316 - Apache Tomcat: Authentication bypass when using Jakarta Authentication API
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC)ย ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the auโฆ
4.3
CVE-2024-48901 - Moodle: idor when fetching report schedules
A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report.