71 | 6.1 | MEDIUM Network | phpkobo | ajaxnewsticker | Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component. | Update | CWE-79 Cross-site Scripting | CVE-2023-41446 | 2024-09-24 03:35 | 2023-09-28
72 | 7.5 | HIGH Network | oracle | access_manager | Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allow… | Update | NVD-CWE-noinfo | CVE-2022-39412 | 2024-09-24 03:35 | 2022-10-19
73 | 7.3 | HIGH Local | oracle | vm_virtualbox | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Easily exploitable vulnerability allows low pri… | Update | NVD-CWE-noinfo | CVE-2022-39421 | 2024-09-24 03:35 | 2022-10-19
74 | 8.1 | HIGH Network | oracle | peoplesoft_enterprise_common_components | Vulnerability in the PeopleSoft Enterprise Common Components product of Oracle PeopleSoft (component: Approval Framework). The supported version that is affected is 9.2. Easily exploitable vulnerabil… | Update | NVD-CWE-noinfo | CVE-2022-39406 | 2024-09-24 03:35 | 2022-10-19
75 | 6.5 | MEDIUM Network | backstage | backstage | Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the s… | Update | CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2024-45815 | 2024-09-24 03:31 | 2024-09-18
76 | 5.4 | MEDIUM Network | backstage | backstage | Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content th… | Update | CWE-79 Cross-site Scripting | CVE-2024-46976 | 2024-09-24 03:27 | 2024-09-18
77 | 6.1 | MEDIUM Network | google | chrome | Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts… | Update | CWE-79 Cross-site Scripting | CVE-2024-8907 | 2024-09-24 03:23 | 2024-09-18
78 | - | | - | - | Entrust Instant Financial Issuance (On Premise) Software (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file (i.e. WebAPI.cfg.xml) aft… | New | - | CVE-2024-39341 | 2024-09-24 03:15 | 2024-09-24
79 | - | | - | - | A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. | New | - | CVE-2024-0005 | 2024-09-24 03:15 | 2024-09-24
80 | - | | - | - | A condition exists in FlashArray Purity whereby a user with array admin role can execute arbitrary commands remotely to escalate privilege on the array. | New | - | CVE-2024-0004 | 2024-09-24 03:15 | 2024-09-24