CVE-2024 第4页
排序
CVE-2024-1483: Mlflow < 2.9.2 - Path Traversal
漏洞标题 CVE-2024-1483: Mlflow < 2.9.2 - Path Traversal 漏洞描述 A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary fil...
2024年12月19日 11:51CVE-2024-28987: SolarWinds Web Help Desk – Hardcoded Credential
漏洞标题 CVE-2024-28987: SolarWinds Web Help Desk - Hardcoded Credential 漏洞描述 The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, a...
2024年12月19日 10:28CVE-2024-1209: LearnDash LMS < 4.10.2 - Sensitive Information Exposure via assignments
漏洞标题 CVE-2024-1209: LearnDash LMS < 4.10.2 - Sensitive Information Exposure via assignments 漏洞描述 The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Inform...
2024年12月19日 07:11CVE-2024-8517: SPIP BigUp Plugin – Remote Code Execution
漏洞标题 CVE-2024-8517: SPIP BigUp Plugin - Remote Code Execution 漏洞描述 SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenti...
2024年12月19日 03:29CVE-2024-4325: Gradio – Server-Side Request Forgery
漏洞标题 CVE-2024-4325: Gradio - Server-Side Request Forgery 漏洞描述 A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specificall...
2024年12月18日 23:47CVE-2024-51211: openSIS Classic v9.1 – SQL Injection
漏洞标题 CVE-2024-51211: openSIS Classic v9.1 - SQL Injection 漏洞描述 SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.ph...
2024年12月18日 20:32CVE-2024-35693: WordPress 12 Step Meeting List Plugin <= 3.14.33 - Cross-Site Scripting
漏洞标题 CVE-2024-35693: WordPress 12 Step Meeting List Plugin <= 3.14.33 - Cross-Site Scripting 漏洞描述 Code for Recovery 12 Step Meeting List versions up to 3.14.33 contain a...
2024年12月18日 12:25CVE-2024-2863: LG LED Assistant – Thumbnail Path Traversal File Upload
漏洞标题 CVE-2024-2863: LG LED Assistant - Thumbnail Path Traversal File Upload 漏洞描述 A path traversal vulnerability exists in the endpoint handler for /api/thumbnail in Common....
2024年12月18日 09:08CVE-2024-4180: The Events Calendar < 6.4.0.1 - Cross-site Scripting
漏洞标题 CVE-2024-4180: The Events Calendar < 6.4.0.1 - Cross-site Scripting 漏洞描述 The Events Calendar WordPress plugin < 6.4.0.1 contains a stored XSS caused by improper ...
2024年12月17日 23:42CVE-2024-7354: Ninja Forms 3.8.6-3.8.10 – Cross-Site Scripting
漏洞标题 CVE-2024-7354: Ninja Forms 3.8.6-3.8.10 - Cross-Site Scripting 漏洞描述 The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in ...
2024年12月17日 19:14CVE-2024-8877: Riello Netman 204 – SQL Injection
漏洞标题 CVE-2024-8877: Riello Netman 204 - SQL Injection 漏洞描述 The three endpoints /cgi-bin/db_datalog_w.cgi, /cgi-bin/db_eventlog_w.cgi, and /cgi-bin/db_multimetr_w.cgi are vu...
2024年12月17日 14:34CVE-2024-47062: Navidrome < 0.53.0 - Authenticated SQL Injection
漏洞标题 CVE-2024-47062: Navidrome < 0.53.0 - Authenticated SQL Injection 漏洞描述 Navidrome is an open source web-based music collection server and streamer. Navidrome automati...
2024年12月17日 08:26CVE-2024-22024: Ivanti Pulse Connect Secure VPN XXE
漏洞标题 CVE-2024-22024: Ivanti Pulse Connect Secure VPN XXE 漏洞描述 An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti...
2024年12月17日 07:58Arcserve Unified Data Protection CVE-2024-0801 拒绝服务漏洞
漏洞标题 Arcserve Unified Data Protection CVE-2024-0801 拒绝服务漏洞 漏洞描述 Arcserve Unified Data Protection存在拒绝服务漏洞,此漏洞是由于EdgeServiceConsoleImpl接口对用户的请求验...
2024年12月17日 01:21CVE-2024-4956: Nexus Repository Manager 文件读取漏洞
漏洞标题 CVE-2024-4956: Nexus Repository Manager 文件读取漏洞 漏洞描述 Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed ...
2024年12月16日 23:36CVE-2024-24328: TotoLink Router setMacFilterRules – Command Injection
漏洞标题 CVE-2024-24328: TotoLink Router setMacFilterRules - Command Injection 漏洞描述 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulner...
2024年12月16日 21:18
