| 2011 | 5.4 | MEDIUM | Network | cryoutcreations | roseta | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Roseta allows Stored XSS. This issue affects Roseta: from n/a through 1.3.0. | CWE-79 Cross-site Scripting | CVE-2024-45451 | 2024-09-25 07:02 | 2024-09-18 |
| 2012 | 5.5 | MEDIUM | Local | apple | macos | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data. | CWE-281 Improper Preservation of Permissions | CVE-2024-44188 | 2024-09-25 05:38 | 2024-09-17 |
| 2013 | 5.5 | MEDIUM | Local | apple | macos | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data. | CWE-281 Improper Preservation of Permissions | CVE-2024-40859 | 2024-09-25 05:31 | 2024-09-17 |
| 2014 | 7.5 | HIGH | Network | zitadel | zitadel | Zitadel is an open source identity management platform. ZITADEL's user account deactivation mechanism did not work correctly with service accounts. Deactivated service accounts retained the ability t… | NVD-CWE-noinfo | CVE-2024-47000 | 2024-09-25 05:25 | 2024-09-20 |
| 2015 | 6.5 | MEDIUM | Network | zitadel | zitadel | Zitadel is an open source identity management platform. ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants were still provided in token, which could lead to … | NVD-CWE-noinfo | CVE-2024-46999 | 2024-09-25 05:20 | 2024-09-20 |
| 2016 | 7.5 | HIGH | Network | envoyproxy | envoy | Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, whi… | CWE-476 NULL Pointer Dereference | CVE-2024-45809 | 2024-09-25 05:12 | 2024-09-20 |
| 2017 | 7.5 | HIGH | Network | envoyproxy | envoy | Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstance, e.g., websocket upgrade, and requ… | NVD-CWE-noinfo | CVE-2024-45810 | 2024-09-25 04:48 | 2024-09-20 |
| 2018 | 4.8 | MEDIUM | Network | mage-people | bus_ticket_booking_with_seat_reservation | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Stored XSS. This issue affe… | CWE-79 Cross-site Scripting | CVE-2024-43985 | 2024-09-25 04:33 | 2024-09-18 |
| 2019 | 4.8 | MEDIUM | Adjacent | google | nearby | There exists a vulnerability in Quick Share/Nearby, where an attacker can force a victim to stay connected to a temporary hotspot created for the sharing. As part of the sequence of packets in a Quic… | CWE-404 Improper Resource Shutdown or Release | CVE-2024-38271 | 2024-09-25 04:29 | 2024-06-27 |
| 2020 | 9.8 | CRITICAL | Network | wptaskforce | track_\&_trace | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPTaskForce WPCargo Track & Trace allows SQL Injection. This issue affects WPCargo Track & Trace: … | CWE-89 SQL Injection | CVE-2024-44004 | 2024-09-25 04:22 | 2024-09-18 |