131
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: phy: dp83822: Fix NULL pointer dereference on DP83825 devices
The probe() function is only used for DP83822 and DP83826 PHY,…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-46856
|
2024-10-2 01:04 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
132
|
9.1 |
CRITICAL
Network
ptzoptics
|
pt30x-sdi_firmware pt30x-ndi-xx-g2_firmware
|
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are se…
Update
|
CWE-287
Improper Authentication
|
CVE-2024-8956
|
2024-10-2 01:01 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
133
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
fou: fix initialization of grc
The grc must be initialize first. There can be a condition where if
fou is NULL, goto out will be …
Update
|
CWE-908
Use of Uninitialized Resource
|
CVE-2024-46865
|
2024-10-2 00:57 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
134
|
4.2 |
MEDIUM
Adjacent
|
jktyre
|
smart_tyre_car_\&_bike
|
An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack via Bluetooth communications.
Update
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2024-39081
|
2024-10-2 00:51 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
135
|
8.8 |
HIGH
Adjacent
|
circutor
|
q-smt_firmware
|
An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only im…
Update
|
NVD-CWE-Other
|
CVE-2024-8890
|
2024-10-2 00:46 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
136
|
9.8 |
CRITICAL
Network
doverfuelingsolutions
|
progauge_maglink_lx_console_firmware progauge_maglink_lx4_console_firmware
|
The web application for ProGauge MAGLINK LX4 CONSOLE contains an
administrative-level user account with a password that cannot be
changed.
Update
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-43423
|
2024-10-2 00:41 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
137
|
7.8 |
HIGH
Local
|
projectdiscovery
|
nuclei
|
Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow…
Update
|
CWE-78
OS Command
|
CVE-2024-43405
|
2024-10-2 00:37 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
138
|
- |
|
-
|
-
|
Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget.
New
|
-
|
CVE-2024-45967
|
2024-10-2 00:35 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
139
|
- |
|
-
|
-
|
In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain va…
New
|
-
|
CVE-2024-25661
|
2024-10-2 00:35 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
140
|
- |
|
-
|
-
|
A vulnerability in Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code authentication mechanism. The application requires users to input a 6-digit PIN code sent to their emai…
New
|
-
|
CVE-2024-41276
|
2024-10-2 00:35 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|