|
141
|
2.7 |
LOW
Network
|
fortinet
|
fortiedrmanager
|
An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permiss…
Update
|
NVD-CWE-Other
|
CVE-2024-45323
|
2024-09-21 01:23 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
142
|
9.8 |
CRITICAL
Network
omniauth
|
omniauth_saml
|
OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data wit…
Update
|
CWE-287
Improper Authentication
|
CVE-2017-11430
|
2024-09-21 01:21 |
2019-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
143
|
5.3 |
MEDIUM
Network
|
lizardbyte
|
sunshine
|
Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertantly allow access to an unintended client rather than failing a…
Update
|
NVD-CWE-noinfo
|
CVE-2024-45407
|
2024-09-21 01:18 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
144
|
- |
|
-
|
-
|
A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php…
New
|
CWE-89
SQL Injection
|
CVE-2024-9039
|
2024-09-21 01:15 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
145
|
- |
|
-
|
-
|
A vulnerability classified as problematic was found in Codezips Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-9038
|
2024-09-21 01:15 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
146
|
- |
|
-
|
-
|
Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability in the fromAdvSetMacMtuWan function.
New
|
-
|
CVE-2024-46652
|
2024-09-21 01:15 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
147
|
4.7 |
MEDIUM
Network
|
openjsf
|
express
|
Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched i…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-43796
|
2024-09-21 01:07 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
148
|
8.1 |
HIGH
Network
|
redhat
|
build_of_keycloak
|
A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 3…
Update
|
CWE-324
Use of a Key Past its Expiration Date
|
CVE-2024-7318
|
2024-09-21 01:02 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
149
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease
It is not safe to dereference fl->c.flc_owner without fir…
Update
|
NVD-CWE-noinfo
|
CVE-2024-46690
|
2024-09-21 00:55 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
150
|
8.1 |
HIGH
Network
|
redhat
|
keycloak
single_sign-on
build_of_keycloak
|
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin opti…
Update
|
CWE-384
Session Fixation
|
CVE-2024-7341
|
2024-09-21 00:53 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
