| 611 | - | | - | - | Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to modify chatbot answer with an unlo… | - | CVE-2024-45989 | 2024-09-30 21:46 | 2024-09-27 |
| 612 | - | | - | - | Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by a… | - | CVE-2024-45987 | 2024-09-30 21:46 | 2024-09-27 |
| 613 | - | | - | - | A Cross Site Scripting (XSS) vulnerability in update_contact.php of Blood Bank and Donation Management System v1.0 allows an attacker to inject malicious scripts via the name parameter of the update_… | - | CVE-2024-45985 | 2024-09-30 21:46 | 2024-09-27 |
| 614 | - | | - | - | A Cross Site Scripting (XSS) vulnerability in add_donor.php of Blood Bank And Donation Management System 1.0 allows an attacker to inject malicious scripts that will be executed when the Donor List i… | - | CVE-2024-45984 | 2024-09-30 21:46 | 2024-09-27 |
| 615 | - | | - | - | The goTenna Pro ATAK Plugin does not encrypt the callsigns of its users. These callsigns reveal information about the users and can also be leveraged for other vulnerabilities. | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2024-45838 | 2024-09-30 21:46 | 2024-09-27 |
| 616 | - | | - | - | The goTenna Pro ATAK Plugin does not use SecureRandom when generating its cryptographic keys. The random function in use is not suitable for cryptographic use. | CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | CVE-2024-45723 | 2024-09-30 21:46 | 2024-09-27 |
| 617 | - | | - | - | In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an att… | CWE-521 Weak Password Requirements | CVE-2024-45374 | 2024-09-30 21:46 | 2024-09-27 |
| 618 | - | | - | - | Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 1.3.0, given a number of preconditions, the `highest_available` setting will incorrectly assu… | CWE-287 Improper Authentication | CVE-2024-45042 | 2024-09-30 21:46 | 2024-09-27 |
| 619 | - | | - | - | goTenna Pro ATAK Plugin by default enables frequent unencrypted Position, Location and Information (PLI) transmission. This transmission is done without user's knowledge, revealing the exact locati… | CWE-201 Insertion of Sensitive Information Into Sent Data | CVE-2024-43814 | 2024-09-30 21:46 | 2024-09-27 |
| 620 | - | | - | - | In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an att… | CWE-922 Insecure Storage of Sensitive Information | CVE-2024-43694 | 2024-09-30 21:46 | 2024-09-27 |