11
|
- |
|
-
|
-
|
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMConference.asmx function.
New
|
-
|
CVE-2024-40508
|
2024-09-27 07:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
12
|
- |
|
-
|
-
|
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMPersonnel.asmx function.
New
|
-
|
CVE-2024-40507
|
2024-09-27 07:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
13
|
- |
|
-
|
-
|
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMHospitality.asmx function.
New
|
-
|
CVE-2024-40506
|
2024-09-27 07:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
14
|
9.8 |
CRITICAL
Network
silabs
|
emberznet
|
TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outsi…
Update
|
CWE-672 CWE-772
Operation on a Resource after Expiration or Release Missing Release of Resource after Effective Lifetime
|
CVE-2023-41094
|
2024-09-27 07:15 |
2023-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
15
|
7.5 |
HIGH
Network
hashicorp
|
vault
|
The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.
Update
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2023-5077
|
2024-09-27 07:15 |
2023-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
16
|
4.9 |
MEDIUM
Network
|
hashicorp
|
vault
|
A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, poten…
Update
|
NVD-CWE-noinfo
|
CVE-2023-3775
|
2024-09-27 07:15 |
2023-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
17
|
4.9 |
MEDIUM
Network
|
hashicorp
|
vault
|
An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.
Update
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2023-3774
|
2024-09-27 07:15 |
2023-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
18
|
6.5 |
MEDIUM
Network
|
mediajedi
|
user_private_files
|
The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpk_upvf_update_doc'…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-7848
|
2024-09-27 07:12 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
19
|
5.3 |
MEDIUM
Network
maxfoundry
|
maxbuttons
|
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it possible for unauthenticated attackers to …
Update
|
NVD-CWE-noinfo
|
CVE-2024-6499
|
2024-09-27 07:07 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
20
|
5.4 |
MEDIUM
Network
|
pixelgrade
|
nova_blocks
|
The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including, 2…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8241
|
2024-09-27 07:03 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|