|
319821
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.
|
NVD-CWE-noinfo
|
CVE-2024-40837
|
2024-09-24 03:50 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319822
|
6.5 |
MEDIUM
Network
|
backstage
|
backstage
|
Backstage is an open framework for building developer portals. When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak …
|
CWE-22
Path Traversal
|
CVE-2024-45816
|
2024-09-24 03:41 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319823
|
6.5 |
MEDIUM
Network
|
backstage
|
backstage
|
Backstage is an open framework for building developer portals. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the s…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2024-45815
|
2024-09-24 03:31 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319824
|
5.4 |
MEDIUM
Network
|
backstage
|
backstage
|
Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-46976
|
2024-09-24 03:27 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319825
|
6.1 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8907
|
2024-09-24 03:23 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319826
|
6.1 |
MEDIUM
Network
|
oretnom23
|
resort_reservation_system
|
A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_fee.php. The manipul…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8951
|
2024-09-24 03:12 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319827
|
7.5 |
HIGH
Network
|
micropython
|
micropython
|
A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpz_as_bytes of the file py/objint.c. The manipulation leads to heap-based buffe…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-8948
|
2024-09-24 03:10 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319828
|
8.8 |
HIGH
Network
|
oretnom23
|
online_eyewear_shop
|
A vulnerability classified as critical has been found in SourceCodester Online Eyewear Shop 1.0. This affects an unknown part of the file /classes/Master.php of the component Cart Content Handler. Th…
|
CWE-282
Improper Ownership Management
|
CVE-2024-8949
|
2024-09-24 03:05 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319829
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
NVD-CWE-noinfo
|
CVE-2024-8908
|
2024-09-24 02:59 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319830
|
6.1 |
MEDIUM
Network
|
netcat
|
netcat_content_management_system
|
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site.
This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8653
|
2024-09-24 02:55 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
