|
1
|
4.3 |
MEDIUM
Physics
|
redhat
opensc_project
|
enterprise_linux
opensc
|
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially craft…
Update
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-45619
|
2024-09-24 08:26 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2
|
7.2 |
HIGH
Network
|
acquia
|
mautic
|
Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.
The user could retrieve and alter data like sensitive data, login, and…
Update
|
CWE-89
SQL Injection
|
CVE-2022-25775
|
2024-09-24 08:22 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3
|
5.4 |
MEDIUM
Network
|
acquia
|
mautic
|
Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic.
Users could inject malicious code into the notification when sa…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-25774
|
2024-09-24 08:21 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4
|
- |
|
-
|
-
|
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
New
|
-
|
CVE-2024-7024
|
2024-09-24 08:15 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5
|
- |
|
-
|
-
|
Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)
New
|
-
|
CVE-2024-7023
|
2024-09-24 08:15 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6
|
4.8 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
Concrete CMS versions 9.0.0 through 9.3.3 are affected by a
stored XSS vulnerability in the "Top Navigator Bar" block.
Since the "Top Navigator Bar" output was not sufficiently sanitized, a rogue adm…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8660
|
2024-09-24 08:00 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
7
|
5.5 |
MEDIUM
Local
|
apple
|
visionos
|
The issue was addressed with improved handling of caches. This issue is fixed in visionOS 2. An app may be able to read sensitive data from the GPU memory.
Update
|
NVD-CWE-noinfo
|
CVE-2024-40790
|
2024-09-24 07:55 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
8
|
4.8 |
MEDIUM
Network
|
ingenico
|
estate_management
|
A vulnerability, which was classified as problematic, has been found in Ingenico Estate Manager 2023. This issue affects some unknown processing of the file /emgui/rest/ums/messages of the component …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-6059
|
2024-09-24 07:44 |
2024-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
9
|
6.1 |
MEDIUM
Network
|
labvantage
|
laboratory_information_management_system
|
A vulnerability classified as problematic has been found in LabVantage LIMS 2017. This affects an unknown part of the file /labvantage/rc?command=page&page=SampleHistoricalList&_iframename=list&__crc…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-6058
|
2024-09-24 07:40 |
2024-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
10
|
7.5 |
HIGH
Network
kubeflow
|
kubeflow
|
kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely e…
Update
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2024-5552
|
2024-09-24 07:31 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
