|
331
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/client: add missing bo locking in show_meminfo()
bo_meminfo() wants to inspect bo state like tt and the ttm resource,
howe…
Update
|
CWE-667
Improper Locking
|
CVE-2024-46866
|
2024-10-2 02:09 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
332
|
2.7 |
LOW
Network
|
formtools
|
form_tools
|
A vulnerability, which was classified as problematic, was found in formtools.org Form Tools 3.1.1. Affected is the function curl_exec of the file /admin/forms/option_lists/edit.php of the component I…
Update
|
NVD-CWE-Other
|
CVE-2024-6937
|
2024-10-2 01:51 |
2024-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
333
|
6.5 |
MEDIUM
Network
|
devolutions
|
devolutions_server
|
Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing inte…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2024-6512
|
2024-10-2 01:36 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
334
|
6.1 |
MEDIUM
Network
|
collne
|
welcart
|
The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used ag…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2023-5951
|
2024-10-2 01:35 |
2023-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
335
|
5.4 |
MEDIUM
Network
|
uploading_svg\
_webp_and_ico_files_project
|
uploading_svg\
_webp_and_ico_files
|
The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XS…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2023-4460
|
2024-10-2 01:35 |
2023-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
336
|
5.3 |
MEDIUM
Network
microsoft
|
windows_server_2012
windows_server_2016
windows_server_2019
windows_server_2022
|
DHCP Server Service Information Disclosure Vulnerability
Update
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2023-29355
|
2024-10-2 01:35 |
2023-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
337
|
5.3 |
MEDIUM
Network
atlassian
|
confluence_data_center
confluence_server
|
Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Informa…
Update
|
NVD-CWE-noinfo
|
CVE-2023-22503
|
2024-10-2 01:35 |
2023-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
338
|
5.4 |
MEDIUM
Network
|
strangerstudios
|
paid_memberships_pro
|
The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as lo…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-4830
|
2024-10-2 01:35 |
2023-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
339
|
5.4 |
MEDIUM
Network
|
3dflipbook
|
3d_flipbook
|
The 3D FlipBook WordPress plugin through 1.13.2 does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Con…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-4453
|
2024-10-2 01:35 |
2023-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
340
|
9.8 |
CRITICAL
Network
doverfuelingsolutions
|
progauge_maglink_lx_console_firmware
progauge_maglink_lx4_console_firmware
|
An attacker can directly request the ProGauge MAGLINK LX CONSOLE
resource sub page with full privileges by requesting the URL directly.
Update
|
NVD-CWE-Other
|
CVE-2024-43692
|
2024-10-2 01:22 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
