|
304001
|
- |
|
-
|
-
|
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24695. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Sit…
|
-
|
CVE-2024-52941
|
2024-11-19 02:11 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304002
|
- |
|
-
|
-
|
A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code.
|
-
|
CVE-2023-43091
|
2024-11-19 02:11 |
2024-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304003
|
7.7 |
HIGH
Network
|
-
|
-
|
A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods goin…
|
CWE-20
Improper Input Validation
|
CVE-2024-0793
|
2024-11-19 02:11 |
2024-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304004
|
5.5 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials.
|
-
|
CVE-2023-6110
|
2024-11-19 02:11 |
2024-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304005
|
7.4 |
HIGH
Network
|
-
|
-
|
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltr…
|
CWE-444
HTTP Request Smuggling
|
CVE-2023-4639
|
2024-11-19 02:11 |
2024-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304006
|
5.9 |
MEDIUM
Network
|
-
|
-
|
A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject …
|
CWE-233
Improper Handling of Parameters
|
CVE-2023-1419
|
2024-11-19 02:11 |
2024-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304007
|
3.4 |
LOW
Adjacent
|
-
|
-
|
A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for a…
|
CWE-273
Improper Check for Dropped Privileges
|
CVE-2023-0657
|
2024-11-19 02:11 |
2024-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304008
|
7.5 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-se…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2020-25720
|
2024-11-19 02:11 |
2024-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304009
|
- |
|
-
|
-
|
The Login using WordPress Users ( WP as SAML IDP ) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.15.6 due to insufficie…
|
CWE-89
SQL Injection
|
CVE-2024-9887
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304010
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup class parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization …
|
CWE-80
Basic XSS
|
CVE-2024-10592
|
2024-11-19 02:11 |
2024-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
