|
305901
|
6.1 |
MEDIUM
Network
|
redhat
|
single_sign-on openshift_container_platform openshift_container_platform_for_power openshift_container_platform_for_linuxone openshift_container_platform_for_ibm_z build_of_keycloak
|
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enablin…
|
CWE-601
Open Redirect
|
CVE-2024-8883
|
2024-11-5 13:15 |
2024-09-20 |
|
305902
|
7.7 |
HIGH
Network
|
-
|
-
|
A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for speci…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2024-8698
|
2024-11-5 13:15 |
2024-09-20 |
|
305903
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'scu' shortcode in versions up to, and including, 2.1.3 due to insufficient input sanitiza…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10340
|
2024-11-5 11:15 |
2024-11-5 |
|
305904
|
9.8 |
CRITICAL
Network
|
ptzoptics
|
pt30x-sdi_firmware pt30x-ndi-xx-g2_firmware
|
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrar…
|
CWE-78
OS Command
|
CVE-2024-8957
|
2024-11-5 11:00 |
2024-09-18 |
|
305905
|
9.1 |
CRITICAL
Network
|
ptzoptics
|
pt30x-sdi_firmware pt30x-ndi-xx-g2_firmware
|
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are se…
|
CWE-287
Improper Authentication
|
CVE-2024-8956
|
2024-11-5 11:00 |
2024-09-18 |
|
305906
|
- |
|
-
|
-
|
cobalt is a media downloader that doesn't piss you off. A malicious cobalt instance could serve links with the `javascript:` protocol, resulting in Cross-site Scripting (XSS) when the user tries to d…
|
CWE-79
Cross-site Scripting
|
CVE-2024-51498
|
2024-11-5 09:15 |
2024-11-5 |
|
305907
|
- |
|
-
|
-
|
WebFeed is a lightweight web feed reader extension for Firefox/Chrome. Multiple HTML injection vulnerabilities in WebFeed can lead to CSRF and UI spoofing attacks. A remote attacker can provide malic…
|
CWE-79
Cross-site Scripting
|
CVE-2024-50346
|
2024-11-5 09:15 |
2024-11-5 |
|
305908
|
- |
|
-
|
-
|
Cross Site Scripting vulnerability in FiberHome HG6544C RP2743 allows an attacker to execute arbitrary code via the SSID field in the WIFI Clients List not being sanitized
|
-
|
CVE-2024-51432
|
2024-11-5 07:35 |
2024-11-2 |
|
305909
|
5.5 |
MEDIUM
Local
|
apple
|
macos iphone_os ipados watchos tvos visionos safari
|
The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted we…
|
NVD-CWE-noinfo
|
CVE-2024-44185
|
2024-11-5 07:35 |
2024-10-25 |
|
305910
|
- |
|
-
|
-
|
The API Interface of the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct SQL injection due to in…
|
-
|
CVE-2024-47189
|
2024-11-5 07:35 |
2024-10-22 |
|