7.5
CVE-2024-21190 - Oracle Fusion Middleware: From CVEorg collector
Vulnerability in the Oracle Global Lifecycle Management FMW Installer product of Oracle Fusion Middleware (component: Cloning). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SFTP to compromise Oracle …
9
CVE-2024-21172 - Oracle Hospitality Applications: From CVEorg collector
Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.19, 5.6.25.8 and 5.6.26.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to comp…
7.5
CVE-2024-5749 - Certain HP DesignJet products - Credential reflection
Certain HP DesignJet products may be vulnerable to credential reflection, which allows viewing SMTP server credentials.
8.7
CVE-2024-48915 - Agent Dart missing certificate verification checks
Agent Dart is an agent library built for Internet Computer for Dart and Flutter apps. Prior to version 1.0.0-dev.29, certificate verification in `lib/agent/certificate.dart` does not occur properly. During the delegation verification in the `_checkDelegation` function, the canister_ranges aren't ve…
9.1
CVE-2024-48914 - Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetSt…
Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data suc…
5.9
CVE-2024-48913 - Hono vulnerable to bypass of CSRF Middleware by a request without Content-Type header.
Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without Content-Type header. Although the CSRF middleware verifies the Content-Type Header, Hono always considers a request without a Content-Type header to be safe. Th…
8.7
CVE-2024-47876 - Sakai: Kernel users created with type roleview can login as a normal user
Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.2, kernel users created with type roleview can log in as a normal user. This can result in illegal access being granted to the system. Version 23.3 fixes this vulnerability.
8.7
CVE-2024-47874 - Starlette Denial of service (DoS) via multipart/form-data
Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats `multipart/form-data` parts without a `filename` as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form…
8.7
CVE-2024-47824 - Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to…
matrix-react-sdk is a react-based software development kit for inserting a Matrix chat/VOIP client into a web page. Starting in version 3.18.0 and before 3.102.0, matrix-react-sdk allows a malicious homeserver to potentially steal message keys for a room when a user invites another user to that room,…
3.7
CVE-2024-9506 - Regular Expression Denial of Service (ReDoS)
Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability.