| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96. |
| Old sessions are not blocked by the login enable function in GitHub repository snipe/snipe-it prior to 5.3.10. |
| Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| Host header injection in password reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. |
| Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0. |
| One-time coupon can be used multiple times in Packagist microweber/microweber prior to 1.2.11. |
| Business Logic Errors in Packagist microweber/microweber prior to 1.2.11. |
| Business Logic Errors in GitHub repository publify/publify prior to 9.2.7. |
| Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5. |
| Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| calibre-web is vulnerable to Business Logic Errors |
| Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6. |
| yetiforcecrm is vulnerable to Business Logic Errors |
| yetiforcecrm is vulnerable to Business Logic Errors |
| Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself. |