1121
|
9.8 |
CRITICAL
Network
tosei-corporation
|
online_store_management_system
|
A vulnerability classified as critical was found in Tosei Online Store Management System ??????????? 4.02/4.03/4.04. This vulnerability affects unknown code of the component Backend. The manipulation…
|
NVD-CWE-noinfo
|
CVE-2024-7898
|
2024-09-27 09:34 |
2024-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1122
|
8.8 |
HIGH
Network
|
tosei
|
online_store_management_system
|
A vulnerability classified as critical has been found in Tosei Online Store Management System ??????????? 4.02/4.03/4.04. This affects an unknown part of the file /cgi-bin/tosei_kikai.php. The manipu…
|
CWE-77
Command Injection
|
CVE-2024-7897
|
2024-09-27 09:29 |
2024-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1123
|
- |
|
-
|
-
|
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs?. The memory leak happens in git…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2024-1394
|
2024-09-27 08:15 |
2024-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1124
|
5.4 |
MEDIUM
Network
|
risethemes
|
rt_easy_builder
|
The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2 due to insuffi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-2254
|
2024-09-27 07:36 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1125
|
6.1 |
MEDIUM
Network
|
instawp
|
string_locator
|
The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitizati…
|
CWE-79
Cross-site Scripting
|
CVE-2023-6987
|
2024-09-27 07:34 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1126
|
5.4 |
MEDIUM
Network
|
themeisle
|
orbit_fox
|
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization …
|
CWE-79
Cross-site Scripting
|
CVE-2024-7778
|
2024-09-27 07:22 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1127
|
9.8 |
CRITICAL
Network
silabs
|
emberznet
|
TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outsi…
|
CWE-672 CWE-772
Operation on a Resource after Expiration or Release Missing Release of Resource after Effective Lifetime
|
CVE-2023-41094
|
2024-09-27 07:15 |
2023-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1128
|
7.5 |
HIGH
Network
hashicorp
|
vault
|
The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2023-5077
|
2024-09-27 07:15 |
2023-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1129
|
4.9 |
MEDIUM
Network
|
hashicorp
|
vault
|
A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, poten…
|
NVD-CWE-noinfo
|
CVE-2023-3775
|
2024-09-27 07:15 |
2023-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1130
|
4.9 |
MEDIUM
Network
|
hashicorp
|
vault
|
An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2023-3774
|
2024-09-27 07:15 |
2023-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|