|
309961
|
6.1 |
MEDIUM
Network
|
nuxt
|
nuxt
|
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. The `navigateTo` function attempts to blockthe `javascript:` protocol, but does not correctly …
|
CWE-79
Cross-site Scripting
|
CVE-2024-34343
|
2024-09-20 04:57 |
2024-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309962
|
6.5 |
MEDIUM
Network
|
lunary
|
lunary
|
An improper access control vulnerability exists in lunary-ai/lunary at the latest commit (a761d83) on the main branch. The vulnerability allows an attacker to use the auth tokens issued by the 'invit…
|
NVD-CWE-Other
|
CVE-2024-6087
|
2024-09-20 04:32 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309963
|
3.9 |
LOW
Physics
|
redhat
opensc_project
|
enterprise_linux
opensc
|
A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When …
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-45620
|
2024-09-20 04:21 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309964
|
6.5 |
MEDIUM
Network
|
eaton
|
foreseer_electrical_power_monitoring_system
|
The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the l…
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2024-31416
|
2024-09-20 04:06 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309965
|
8.1 |
HIGH
Network
|
eaton
|
foreseer_electrical_power_monitoring_system
|
The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2024-31415
|
2024-09-20 03:50 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309966
|
6.1 |
MEDIUM
Network
|
eaton
|
foreseer_electrical_power_monitoring_system
|
The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sa…
|
CWE-79
Cross-site Scripting
|
CVE-2024-31414
|
2024-09-20 03:48 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309967
|
8.1 |
HIGH
Network
|
lunary
|
lunary
|
A Cross-Site Request Forgery (CSRF) vulnerability exists in lunary-ai/lunary version 1.2.34 due to overly permissive CORS settings. This vulnerability allows an attacker to sign up for and create pro…
|
CWE-352
Origin Validation Error
|
CVE-2024-6862
|
2024-09-20 03:37 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309968
|
6.5 |
MEDIUM
Network
|
lunary
|
lunary
|
An information disclosure vulnerability exists in the lunary-ai/lunary, specifically in the `runs/{run_id}/related` endpoint. This endpoint does not verify that the user has the necessary access righ…
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2024-6867
|
2024-09-20 03:28 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309969
|
9.8 |
CRITICAL
Network
|
arm
|
mbed_tls
|
An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in…
|
CWE-295
Improper Certificate Validation
|
CVE-2024-45159
|
2024-09-20 03:26 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309970
|
4.8 |
MEDIUM
Network
|
peepso
|
peepso
|
The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.4.5.0 due t…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7655
|
2024-09-20 03:20 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
