|
741
|
8.8 |
HIGH
Network
|
rems
|
online_timesheet_app
|
A vulnerability, which was classified as critical, was found in SourceCodester Online Timesheet App 1.0. This affects an unknown part of the file /endpoint/delete-timesheet.php. The manipulation of t…
|
CWE-89
SQL Injection
|
CVE-2024-9319
|
2024-10-1 22:29 |
2024-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
742
|
5.3 |
MEDIUM
Network
oretnom23
|
railway_reservation_system
|
A vulnerability was found in SourceCodester Online Railway Reservation System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/inquiries/view_details.php.…
|
NVD-CWE-noinfo
|
CVE-2024-9321
|
2024-10-1 22:28 |
2024-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
743
|
5.4 |
MEDIUM
Network
|
rems
|
online_timesheet_app
|
A vulnerability has been found in SourceCodester Online Timesheet App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /endpoint/add-timesheet.php of the compone…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9320
|
2024-10-1 22:28 |
2024-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
744
|
- |
|
-
|
-
|
Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests.
If a request has no Authorization header, it is created with an empty string as value by a rewri…
|
-
|
CVE-2023-7273
|
2024-10-1 22:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
745
|
6.1 |
MEDIUM
Network
|
redhat
|
single_sign-on
openshift_container_platform
openshift_container_platform_for_power
openshift_container_platform_for_linuxone
openshift_container_platform_for_ibm_z
build_of_keycloak
|
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enablin…
|
CWE-601
Open Redirect
|
CVE-2024-8883
|
2024-10-1 22:15 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
746
|
5.5 |
MEDIUM
Local
|
redhat
qemu
|
enterprise_linux
qemu
|
A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivi…
|
CWE-617
Reachable Assertion
|
CVE-2024-8354
|
2024-10-1 22:15 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
747
|
2.9 |
LOW
Physics
|
opensc_project
redhat
|
opensc
enterprise_linux
|
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-8443
|
2024-10-1 22:15 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
748
|
5.9 |
MEDIUM
Network
|
redhat
|
kroxylicious
|
A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resultin…
|
CWE-295
Improper Certificate Validation
|
CVE-2024-8285
|
2024-10-1 22:15 |
2024-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
749
|
5.4 |
MEDIUM
Network
|
mayurik
|
free_and_open_source_inventory_management_system
|
A vulnerability was found in SourceCodester Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/action/ad…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9323
|
2024-10-1 21:55 |
2024-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
750
|
9.8 |
CRITICAL
Network
endress
|
echo_curve_viewer
fieldcare_sfe500_package
field_xpert_smt79_firmware
field_xpert_smt77_firmware
field_xpert_smt70_firmware
field_xpert_smt50_firmware
|
An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context.
|
CWE-94
Code Injection
|
CVE-2024-6596
|
2024-10-1 21:26 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
