| 561 | - | - | - | A host header injection vulnerability in MEANStore 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitraril… | New | - | CVE-2024-45980 | 2024-09-27 02:15 | 2024-09-27 |
| 562 | - | - | - | A host header injection vulnerability in Lines Police CAD 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arb… | New | - | CVE-2024-45979 | 2024-09-27 02:15 | 2024-09-27 |
| 563 | - | - | - | An information disclosure vulnerability in the /Letter/PrintQr/ endpoint of Solvait v24.4.2 allows attackers to access sensitive data via a crafted request. | New | - | CVE-2024-44860 | 2024-09-27 02:15 | 2024-09-27 |
| 564 | - | - | - | Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Uncontrolled Resource Consumption vulnerability. A remote unauthenticated host could potentially exploit th… | New | CWE-400 Uncontrolled Resource Consumption | CVE-2024-37125 | 2024-09-27 02:15 | 2024-09-27 |
| 565 | - | - | - | Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from Local User to SYSTEM. This issue affects Agent Flow: before 0.43.2 | Update | - | CVE-2024-8996 | 2024-09-27 02:15 | 2024-09-26 |
| 566 | - | - | - | Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User to SYSTEM. This issue affects Alloy: before 1.3.3, from 1.4.0-rc.0 through 1.4.0-r… | Update | - | CVE-2024-8975 | 2024-09-27 02:15 | 2024-09-26 |
| 567 | 6.8 MEDIUM Network | hashicorp | vault | HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with a… | Update | CWE-20 Improper Input Validation | CVE-2023-4680 | 2024-09-27 02:15 | 2023-09-15 |
| 568 | 5.4 MEDIUM Network | rocket.chat | rocket.chat | Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the description and release notes of the marketplace and private apps. | Update | CWE-79 Cross-site Scripting | CVE-2024-47048 | 2024-09-27 02:12 | 2024-09-25 |
| 569 | 6.1 MEDIUM Network | xplodedthemes | xt_ajax_add_to_cart_for_woocommerce | The XT Ajax Add To Cart for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up… | Update | CWE-79 Cross-site Scripting | CVE-2024-8716 | 2024-09-27 02:03 | 2024-09-24 |
| 570 | 6.1 MEDIUM Network | castos | seriously_simple_stats | The Seriously Simple Stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and incl… | Update | CWE-79 Cross-site Scripting | CVE-2024-8738 | 2024-09-27 01:48 | 2024-09-24 |