3841 | 4.9 | MEDIUM, Network | - | - | A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout … | CWE-526 Cleartext Storage of Sensitive Information in an Environment Variable | CVE-2024-11736 | 2025-01-14 18:15 | 2025-01-14 |
3842 | 6.5 | MEDIUM, Network | - | - | A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of… | CWE-693 Protection Mechanism Failure | CVE-2024-11734 | 2025-01-14 18:15 | 2025-01-14 |
3843 | 6.4 | MEDIUM, Network | - | - | The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'booking' shortcode in all versions up to, and including, 10.9.2 due to insufficient input s… | CWE-79 Cross-site Scripting | CVE-2024-13323 | 2025-01-14 15:15 | 2025-01-14 |
3844 | 6.1 | MEDIUM, Network | - | - | The Smart Agenda – Prise de rendez-vous en ligne plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7. This is due to missing or incorrect nonce … | CWE-352 Origin Validation Error | CVE-2024-13348 | 2025-01-14 13:15 | 2025-01-14 |
3845 | 8.8 | HIGH, Network | - | - | An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allo… | CWE-269 Improper Privilege Management | CVE-2024-12398 | 2025-01-14 11:15 | 2025-01-14 |
3846 | - | | - | - | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid… | - | CVE-2024-11637 | 2025-01-14 11:15 | 2025-01-14 |
3847 | - | | - | - | SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in pri… | CWE-287 Improper Authentication | CVE-2025-0070 | 2025-01-14 10:15 | 2025-01-14 |
3848 | - | | - | - | Due to DLL injection vulnerability in SAPSetup, an attacker with either local user privileges or with access to a compromised corporate user's Windows account could gain higher privileges. With this,… | CWE-427 Uncontrolled Search Path Element | CVE-2025-0069 | 2025-01-14 10:15 | 2025-01-14 |
3849 | - | | - | - | An obsolete functionality in SAP NetWeaver Application Server ABAP did not perform necessary authorization checks. Because of this, an authenticated attacker could obtain information that would other… | CWE-862 Missing Authorization | CVE-2025-0068 | 2025-01-14 10:15 | 2025-01-14 |
3850 | - | | - | - | Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remot… | CWE-862 Missing Authorization | CVE-2025-0067 | 2025-01-14 10:15 | 2025-01-14 |