Vulnerabilities (CVE)

Filtered by CWE-791
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-8373 1 Angularjs 1 Angular.js 2024-09-17 N/A 4.3 MEDIUM
Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .
CVE-2024-39283 1 Intel 1 Tdx Module Software 2024-09-12 N/A 7.8 HIGH
Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-32162 2024-08-01 N/A 4.3 MEDIUM
CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion.
CVE-2024-27489 2024-08-01 N/A N/A
An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request.
CVE-2024-39899 2024-07-11 N/A 5.3 MEDIUM
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. In v1.5, PrivateBin introduced the YOURLS server-side proxy. The idea was to allow using the YOURLs URL shortener without running the YOURLs instance without authentication and/or exposing the authentication token to the public, allowing anyone to shorten any URL. With the proxy mechanism, anyone can shorten any URL pointing to the configured PrivateBin instance. The vulnerability allowed other URLs to be shortened, as long as they contain the PrivateBin instance, defeating the limit imposed by the proxy. This vulnerability is fixed in 1.7.4.