|
306361
|
8.8 |
HIGH
Network
|
ovaledge
|
ovaledge
|
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required.
|
NVD-CWE-noinfo
|
CVE-2022-30357
|
2024-11-1 01:43 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306362
|
8.8 |
HIGH
Network
|
ovaledge
|
ovaledge
|
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required.
|
CWE-863
Incorrect Authorization
|
CVE-2022-30358
|
2024-11-1 01:41 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306363
|
5.4 |
MEDIUM
Network
|
fastlinemedia
|
beaver_builder
|
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.8.4.2 due to insuf…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9505
|
2024-11-1 01:39 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306364
|
6.4 |
MEDIUM
Network
|
ovaledge
|
ovaledge
|
OvalEdge 5.2.8.0 and earlier is affected by multiple Stored XSS (AKA Persistent or Type II) vulnerabilities via a POST request to /profile/updateProfile via the slackid or phone parameters. Authentic…
|
CWE-79
Cross-site Scripting
|
CVE-2022-30360
|
2024-11-1 01:38 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306365
|
4.3 |
MEDIUM
Network
|
ovaledge
|
ovaledge
|
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with th…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2022-30359
|
2024-11-1 01:37 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306366
|
5.3 |
MEDIUM
Network
|
ovaledge
|
ovaledge
|
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserType. No authentication is required. The information disclosed is associated with…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2022-30361
|
2024-11-1 01:34 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306367
|
4.7 |
MEDIUM
Network
|
ovaledge
|
ovaledge
|
OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters . Authentication is required with OE_ADM…
|
CWE-863
Incorrect Authorization
|
CVE-2022-30356
|
2024-11-1 01:31 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306368
|
4.3 |
MEDIUM
Network
|
gaizhenbiao
|
chuanhuchatgpt
|
In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a…
|
NVD-CWE-noinfo
|
CVE-2024-8143
|
2024-11-1 01:23 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306369
|
7.2 |
HIGH
Network
|
funadmin
|
funadmin
|
funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php.
|
CWE-89
SQL Injection
|
CVE-2024-48230
|
2024-11-1 00:57 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306370
|
7.5 |
HIGH
Network
|
mintplexlabs
|
anythingllm
|
mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in s…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-7783
|
2024-11-1 00:49 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
