651 | 5.4 | MEDIUM Network | mmrs151 | daily_prayer_time | The Daily Prayer Time WordPress plugin before 2021.08.10 does not sanitise or escape some of its settings before outputting them in the page, leading to Authenticated Stored Cross-Site Scripting issu… | CWE-79 Cross-site Scripting | CVE-2021-24523 | 2024-10-4 21:53 | 2021-09-14 |
652 | 7.1 | HIGH Network | redhat | keycloak single_sign-on build_of_keycloak | A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin opti… | CWE-384 Session Fixation | CVE-2024-7341 | 2024-10-4 21:48 | 2024-09-10 |
653 | 4.2 | MEDIUM Network | redhat | quay | A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate despite not having access to the organization from which the… | NVD-CWE-Other | CVE-2024-5891 | 2024-10-4 21:32 | 2024-06-12 |
654 | 4.8 | MEDIUM Network | podman_project redhat fedoraproject | podman enterprise_linux openshift_container_platform fedora | A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large … | CWE-400 Uncontrolled Resource Consumption | CVE-2024-3056 | 2024-10-4 21:31 | 2024-08-3 |
655 | 6.1 | MEDIUM Network | - | - | The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL keys in all versions up to, and including, 4.9.66 due to insufficient input … | CWE-79 Cross-site Scripting | CVE-2024-9435 | 2024-10-4 16:15 | 2024-10-4 |
656 | - | | - | - | No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. | - | CVE-2024-6444 | 2024-10-4 16:15 | 2024-10-4 |
657 | 4.4 | MEDIUM Network | - | - | The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and outp… | CWE-79 Cross-site Scripting | CVE-2024-9306 | 2024-10-4 16:15 | 2024-10-4 |
658 | 6.4 | MEDIUM Network | - | - | The Memberful – Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'memberful_buy_subscription_link' and 'memberful_podcasts_link' shortcodes in all … | CWE-79 Cross-site Scripting | CVE-2024-9242 | 2024-10-4 15:15 | 2024-10-4 |
659 | 6.4 | MEDIUM Network | - | - | The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions… | CWE-79 Cross-site Scripting | CVE-2024-8804 | 2024-10-4 15:15 | 2024-10-4 |
660 | - | | - | - | In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty. | - | CVE-2024-6443 | 2024-10-4 15:15 | 2024-10-4 |