2481 | 5.5 | MEDIUM Local | apple | macos | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data. | CWE-281 Improper Preservation of Permissions | CVE-2024-27858 | 2024-09-24 04:56 | 2024-09-17
2482 | 7.1 | HIGH Local | acronis | agent | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343. | CWE-862 Missing Authorization | CVE-2023-45246 | 2024-09-24 04:54 | 2023-10-06
2483 | 5.5 | MEDIUM Local | apple | macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause a denial-of-service. | NVD-CWE-noinfo | CVE-2024-23237 | 2024-09-24 04:53 | 2024-09-17
2484 | 7.2 | HIGH Network | litellm | litellm | An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the `/global/spend/logs` endpoint. The vulnerability arises due to improper neutralization of special elem… | CWE-89 SQL Injection | CVE-2024-5225 | 2024-09-24 04:46 | 2024-06-07
2485 | 7.5 | HIGH Network | drupal | drupal | In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading… | NVD-CWE-noinfo | CVE-2023-5256 | 2024-09-24 04:35 | 2023-09-29
2486 | 4.8 | MEDIUM Network | ritecms | ritecms | Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu. | CWE-79 Cross-site Scripting | CVE-2023-43879 | 2024-09-24 04:35 | 2023-09-29
2487 | 5.3 | MEDIUM Network | oracle | access_manager | Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerabili… | NVD-CWE-noinfo | CVE-2022-39405 | 2024-09-24 04:35 | 2022-10-19
2488 | 6.4 | MEDIUM Network | oracle | banking_trade_finance | Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit v… | NVD-CWE-noinfo | CVE-2022-21586 | 2024-09-24 04:35 | 2022-07-20
2489 | 5.3 | MEDIUM Network | contao | contao | Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page (front end). Users are advised to update to… | CWE-74 Injection | CVE-2024-45612 | 2024-09-24 04:33 | 2024-09-18
2490 | 6.1 | MEDIUM Local | apple | macos iphone_os ipados | A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An unencrypted document may be written to a temporary file when using pri… | NVD-CWE-noinfo | CVE-2024-40826 | 2024-09-24 04:25 | 2024-09-17