EQST-Lab/PoC

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-23997 ↗	Jul 5, 2024Friday, 5 July 2024, 16:15	9.6 CRITICAL	—
Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts.
CVE-2024-23998 ↗	Jul 5, 2024Friday, 5 July 2024, 16:15	9.6 CRITICAL	—
goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via src/components/Setting.vue.
CVE-2024-23995 ↗	Apr 29, 2024Monday, 29 April 2024, 16:15	6.1 MEDIUM	—
Cross Site Scripting (XSS) in Beekeeper Studio 4.1.13 and earlier allows remote attackers to execute arbitrary code in the column name of a database table in tabulator-popup-container.
CVE-2024-25503 ↗	Apr 4, 2024Thursday, 4 April 2024, 08:15	4.7 MEDIUM	—
Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17.0.9 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the edit details parameter of the New Project function.
CVE-2024-22891 ↗	Mar 1, 2024Friday, 1 March 2024, 06:15	9.8 CRITICAL	—
Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link.
CVE-2024-25293 ↗	Mar 1, 2024Friday, 1 March 2024, 06:15	9.3 CRITICAL	—
mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute.
CVE-2024-25291 ↗	Feb 29, 2024Thursday, 29 February 2024, 07:15	9.8 CRITICAL	—
Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin.
CVE-2024-25292 ↗	Feb 29, 2024Thursday, 29 February 2024, 07:15	9.6 CRITICAL	—
Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Upload Title parameter.