2041
|
6.5 |
MEDIUM
Network
|
backstage
|
backstage
|
Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak …
|
CWE-22
Path Traversal
|
CVE-2024-45816
|
2024-09-24 03:41 |
2024-09-18 |
|
|
2042
|
7.5 |
HIGH
Network
ayesa
|
ibermatica_rps
|
A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By first downloading the log file, an attacker could retrieve the SQL query sent to the application in …
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2023-3350
|
2024-09-24 03:35 |
2023-10-3 |
|
|
|
2043
|
6.1 |
MEDIUM
Network
|
phpkobo
|
ajaxnewsticker
|
Cross Site Scripting vulnerability in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component.
|
CWE-79
Cross-site Scripting
|
CVE-2023-41447
|
2024-09-24 03:35 |
2023-09-28 |
|
|
2044
|
6.1 |
MEDIUM
Network
|
phpkobo
|
ajaxnewsticker
|
Cross Site Scripting vulnerability in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component.
|
CWE-79
Cross-site Scripting
|
CVE-2023-41446
|
2024-09-24 03:35 |
2023-09-28 |
|
|
2045
|
7.3 |
HIGH
Local
|
oracle
|
vm_virtualbox
|
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 6.1.40. Easily exploitable vulnerability allows low pri…
|
NVD-CWE-noinfo
|
CVE-2022-39421
|
2024-09-24 03:35 |
2022-10-19 |
|
|
2046
|
7.5 |
HIGH
Network
oracle
|
access_manager
|
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allow…
|
NVD-CWE-noinfo
|
CVE-2022-39412
|
2024-09-24 03:35 |
2022-10-19 |
|
|
|
2047
|
8.1 |
HIGH
Network
|
oracle
|
peoplesoft_enterprise_common_components
|
Vulnerability in the PeopleSoft Enterprise Common Components product of Oracle PeopleSoft (component: Approval Framework). The supported version that is affected is 9.2. Easily exploitable vulnerabil…
|
NVD-CWE-noinfo
|
CVE-2022-39406
|
2024-09-24 03:35 |
2022-10-19 |
|
|
2048
|
6.5 |
MEDIUM
Network
|
backstage
|
backstage
|
Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the s…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2024-45815
|
2024-09-24 03:31 |
2024-09-18 |
|
|
2049
|
5.4 |
MEDIUM
Network
|
backstage
|
backstage
|
Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-46976
|
2024-09-24 03:27 |
2024-09-18 |
|
|
2050
|
6.1 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8907
|
2024-09-24 03:23 |
2024-09-18 |
|
|