90 matches found
CVE-2026-5798
Unsafe object reference (IDOR) in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any employee first names, last...
CVE-2024-5798
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-02 17:44:04+00:00 | seen | https://gist.github.com/acornies/f7b0fff853aa88218b8ce51a09a963e4... |
MINI-5798-RCCM-MW23
Bulletin has no description...
EUVD-2024-1892
Malicious code in bioql PyPI...
ECHO-C8AB-EEF8-5798
Bulletin has no description...
Linux Distros Unpatched Vulnerability : CVE-2015-5798
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and...
CVE-2025-5798
| creationtimestamp | type | source |
|---|---|---|
| 2025-06-06 19:42:58+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114638125652421315 |
| 2025-06-06 21:13:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lqxqszwooh2a... |
CVE-2020-5798
inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions...
CVE-2018-5798
This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager...
CVE-2012-5798
The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2024-5798
A flaw was found in HashiCorp Vault. Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This issue may have resulted in Vault validating a JWT whose audience and role-bound claims do not match, allowing an...
BIT-VAULT-2024-5798 Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT whose audience and role-bound claims do not match, allowing an invalid login to succeed when it should have be...
GHSA-32CJ-5WX4-GQ8P HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT whose audience and role-bound claims do not match, allowing an invalid login to succeed when it should have be...
CVE-2024-5798
Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT whose audience and role-bound claims do not match, allowing an invalid login to succeed when it should have be...
CVE-2024-5798
CVE-2024-5798 concerns Vault and Vault Enterprise failing to properly validate the JWT aud/role-bound audience claims in the Vault JWT auth method, potentially allowing an invalid login when audience/claims don’t match. The issue is mitigated by upgrading to fixed releases: Vault 1.17.0, 1.16.3, ...
WordPress Assistant – Every Day Productivity Apps Plugin < 1.4.4 is vulnerable to Server Side Request Forgery (SSRF)
Software: Assistant – Every Day Productivity Apps; Type: Plugin; Vulnerable versions: < 1.4.4; Fixed in: 1.4.4; OWASP Top 10: A3: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2023-5798; Patch priority: Low; CVSS severity: Low (5.5); PSID: 79c75777c183; Credits: Ji Yuchen...
CVE-2023-5798
| creationtimestamp | type | source |
|---|---|---|
| 2023-10-26 14:15:29+00:00 | seen | https://t.me/cibsecurity/72942... |
CVE-2023-5798
The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wp_remote_get(), which could allow users with a role as low as Editor to perform SSRF attacks...
CVE-2023-5798
CVE-2023-5798 affects the Assistant WordPress plugin prior to 1.4.4. The issue is that a parameter is not validated before making a request via wp_remote_get(), enabling SSRF from users with roles as low as Editor. Impact is SSRF with potential access to internal/external resources; document note...