|
256691
|
6.5 |
MEDIUM
Network
|
hashicorp
|
vault
|
Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors,…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2024-8365
|
2024-09-4 23:37 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256692
|
- |
|
-
|
-
|
Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
-
|
CVE-2024-8362
|
2024-09-4 23:35 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256693
|
- |
|
-
|
-
|
Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
-
|
CVE-2024-7970
|
2024-09-4 23:35 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256694
|
- |
|
-
|
-
|
A remote code execution (RCE) vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. The issue arises from improper sanitization of user input passed to the "position" GE…
|
-
|
CVE-2024-44809
|
2024-09-4 23:35 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256695
|
6.1 |
MEDIUM
Network
|
memberpress
|
memberpress
|
The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'mepr_screenname' and 'mepr_key' parameter in all versions up to, and including, 1.11.29 due to insufficie…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5024
|
2024-09-4 23:33 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256696
|
5.4 |
MEDIUM
Network
|
wpvibes
|
elementor_addon_elements
|
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ and 'eae_slider_animation' parameters in all versions up to, and including, 1.13.5 due to i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-4401
|
2024-09-4 23:33 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256697
|
8.8 |
HIGH
Network
|
wolfssl
|
wolfssl
|
Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a v…
|
CWE-74
Injection
|
CVE-2024-2881
|
2024-09-4 23:27 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256698
|
8.8 |
HIGH
Network
|
wolfssl
|
wolfssl
|
Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a vict…
|
CWE-74
Injection
|
CVE-2024-1545
|
2024-09-4 23:27 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256699
|
5.5 |
MEDIUM
Local
|
wolfssl
|
wolfssl
|
The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. In a controlled environment such as Intel SGX, an…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2024-1543
|
2024-09-4 23:26 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256700
|
8.8 |
HIGH
Network
|
progress
|
whatsup_gold
|
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's passw…
|
CWE-89
SQL Injection
|
CVE-2024-6672
|
2024-09-4 23:23 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
