Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-8373 | 1 Angularjs | 1 Angular.js | 2024-09-17 | N/A | 4.3 MEDIUM |
Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status . | |||||
CVE-2024-39283 | 1 Intel | 1 Tdx Module Software | 2024-09-12 | N/A | 7.8 HIGH |
Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2024-32162 | 2024-08-01 | N/A | 4.3 MEDIUM | ||
CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion. | |||||
CVE-2024-27489 | 2024-08-01 | N/A | N/A | ||
An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request. | |||||
CVE-2024-39899 | 2024-07-11 | N/A | 5.3 MEDIUM | ||
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication token to the public, allowing anyone to shorten any URL. With the proxy mechanism, anyone can shorten any URL pointing to the configured PrivateBin instance. The vulnerability allowed other URLs to be shortened, as long as they contain the PrivateBin instance, defeating the limit imposed by the proxy. This vulnerability is fixed in 1.7.4. |