91 matches found
CVE-2026-5798
Unsafe object reference IDOR in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any employee first names, last...
CVE-2024-5798
creationtimestamp| type| source ---|---|--- 2026-04-02 17:44:04+00:00| seen| https://gist.github.com/acornies/f7b0fff853aa88218b8ce51a09a963e4...
MINI-5798-RCCM-MW23
Bulletin has no description...
EUVD-2024-1892
Malicious code in bioql PyPI...
ECHO-C8AB-EEF8-5798
Bulletin has no description...
Linux Distros Unpatched Vulnerability : CVE-2015-5798
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service memory corruption and...
CVE-2025-5798
creationtimestamp| type| source ---|---|--- 2025-06-06 19:42:58+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114638125652421315 2025-06-06 21:13:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lqxqszwooh2a...
CVE-2020-5798
inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions...
CVE-2018-5798
This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager...
CVE-2012-5798
The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2024-5798
A flaw was found in Hashicorp Vault. Vault and Vault Enterprise did not properly validate the JSON Web Token JWT role-bound audience claim when using the Vault JWT auth method. This issue may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an...
BIT-VAULT-2024-5798 Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Vault and Vault Enterprise did not properly validate the JSON Web Token JWT role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have be...
GHSA-32CJ-5WX4-GQ8P HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Vault and Vault Enterprise did not properly validate the JSON Web Token JWT role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have be...
CVE-2024-5798
CVE-2024-5798 concerns Vault and Vault Enterprise failing to properly validate the JWT aud/role-bound audience claims in the Vault JWT auth method, potentially allowing an invalid login when audience/claims don’t match. The issue is mitigated by upgrading to fixed releases: Vault 1.17.0, 1.16.3, ...
CVE-2024-5798 Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Vault and Vault Enterprise did not properly validate the JSON Web Token JWT role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have be...
Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Summary Vault and Vault Enterprise did not properly validate the JSON Web Token JWT role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT with audience and role-bound claims that do not match, allowing an invalid login to succeed when it...
WordPress Assistant – Every Day Productivity Apps Plugin < 1.4.4 is vulnerable to Server Side Request Forgery (SSRF)
Software Assistant – Every Day Productivity Apps Type Plugin Vulnerable versions 1.4.4 Fixed in 1.4.4 OWASP Top 10 A3: Injection Classification Server Side Request Forgery SSRF CVE CVE-2023-5798 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID 79c75777c183 Credits Ji Yuchen...
CVE-2023-5798
creationtimestamp| type| source ---|---|--- 2023-10-26 14:15:29+00:00| seen| https://t.me/cibsecurity/72942...
CVE-2023-5798
The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wpremoteget, which could allow users with a role as low as Editor to perform SSRF attacks...
CVE-2023-5798
The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wpremoteget, which could allow users with a role as low as Editor to perform SSRF attacks...