|
311
|
- |
|
-
|
-
|
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentiall…
New
|
-
|
CVE-2024-47807
|
2024-10-3 02:35 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312
|
- |
|
-
|
-
|
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentia…
New
|
-
|
CVE-2024-47806
|
2024-10-3 02:35 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313
|
- |
|
-
|
-
|
According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the T…
New
|
-
|
CVE-2024-44097
|
2024-10-3 02:35 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314
|
6.4 |
MEDIUM
Local
|
amd
|
epyc_8024pn_firmware
epyc_8024p_firmware
epyc_8124pn_firmware
epyc_8124p_firmware
epyc_8224pn_firmware
epyc_8224p_firmware
epyc_8324pn_firmware
epyc_8324p_firmware
epyc_8434pn…
|
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow
an attacker with ring0 privileges and access to the
BIOS menu or UEFI shell to modify the communications buffer potentially
resulting in arbitrar…
New
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2023-20578
|
2024-10-3 02:35 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315
|
8.8 |
HIGH
Network
|
apache
|
airflow
|
Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authentic…
Update
|
NVD-CWE-Other
|
CVE-2023-39508
|
2024-10-3 02:35 |
2023-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316
|
4.3 |
MEDIUM
Network
|
wpplugin
|
easy_paypal_events
|
The Easy PayPal Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the wpeeve…
Update
|
CWE-352
Origin Validation Error
|
CVE-2024-8476
|
2024-10-3 02:31 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317
|
8.8 |
HIGH
Network
|
supsystic
|
slider
social_share_buttons
|
Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons …
Update
|
CWE-862
Missing Authorization
|
CVE-2024-47330
|
2024-10-3 02:26 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318
|
7.5 |
HIGH
Network
apache
|
maven_archetype
|
Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin.
This issue affects Maven Archetype Plugin: from 3.2.1 b…
Update
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2024-47197
|
2024-10-3 02:25 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
319
|
4.3 |
MEDIUM
Network
|
themehunk
|
easy_mega_menu_plugin
|
The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up…
Update
|
CWE-862
Missing Authorization
|
CVE-2024-8434
|
2024-10-3 02:25 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
320
|
7.8 |
HIGH
Local
|
avg
|
internet_security
|
Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking.
Update
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-6510
|
2024-10-3 02:17 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
