Show filters
335,046 Total Results
Displaying 61-70 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Unknown

CVE-2024-52598

Disclosure Date: November 20, 2024 (last updated November 21, 2024)
2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1 a SSRF and URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the image of a 2fa site. By abusing this functionality, it is possible to force the application to make a GET request to an arbitrary URL, whose content will be stored in an image file in the server if it looks like an image. Additionally, the library does some basic validation on the URI, attempting to filter our URIs which do not have an image extension. However, this can be easily bypassed by appending the string `#.svg` to the URI. The combination of these two issues allows an attacker to retrieve URIs accessible from the application, as long as their content type is text based. If not, the request is still sent, but the response is not reflected to the attacker. Version 5.4.1 fixes the issue…
0
Attacker Value
Unknown

CVE-2024-52473

Disclosure Date: November 20, 2024 (last updated November 21, 2024)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sandeep Verma HTML5 Lyrics Karaoke Player allows Reflected XSS.This issue affects HTML5 Lyrics Karaoke Player: from n/a through 2.4.
0
Attacker Value
Unknown

CVE-2024-52472

Disclosure Date: November 20, 2024 (last updated November 21, 2024)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Weather Atlas Weather Atlas Widget allows Reflected XSS.This issue affects Weather Atlas Widget: from n/a through 3.0.1.
0
Attacker Value
Unknown

CVE-2024-52471

Disclosure Date: November 20, 2024 (last updated November 21, 2024)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor allows Reflected XSS.This issue affects Extensions for Elementor: from n/a through 2.0.37.
0
Attacker Value
Unknown

CVE-2024-52470

Disclosure Date: November 20, 2024 (last updated November 21, 2024)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainvireinfo Dynamic URL SEO allows Reflected XSS.This issue affects Dynamic URL SEO: from n/a through 1.0.
0
Attacker Value
Unknown

CVE-2024-51209

Disclosure Date: November 20, 2024 (last updated November 21, 2024)
Cross-Site Scripting (XSS) vulnerabilities in Anuj Kumar's Client Management System Version 1.2 allow local attackers to inject arbitrary web script or HTML via the search input field parameter to admin search invoice page and client search invoice page.
0
Attacker Value
Unknown

CVE-2024-51208

Disclosure Date: November 20, 2024 (last updated November 21, 2024)
File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter.
0
Attacker Value
Unknown

CVE-2024-10094

Disclosure Date: November 20, 2024 (last updated November 21, 2024)
Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code
0
Attacker Value
Unknown

CVE-2024-9479

Disclosure Date: November 20, 2024 (last updated November 21, 2024)
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2.
0
Attacker Value
Unknown

CVE-2024-9478

Disclosure Date: November 20, 2024 (last updated November 21, 2024)
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2.
0