491
|
8.8 |
HIGH
Local
|
rust-lang
|
rust
|
Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.8…
Update
|
CWE-88
Argument Injection
|
CVE-2024-43402
|
2024-10-2 00:12 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
492
|
7.5 |
HIGH
Network
google
|
tensorflow
|
TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will a…
Update
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2023-33976
|
2024-10-1 23:41 |
2024-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
493
|
5.4 |
MEDIUM
Network
|
axton
|
wp-webauthn
|
The WP-WebAuthn plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wwa_login_form shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanit…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9023
|
2024-10-1 23:39 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
494
|
6.1 |
MEDIUM
Network
|
objectiv
|
simple_ldap_login
|
The Simple LDAP Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8715
|
2024-10-1 23:37 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
495
|
- |
|
-
|
-
|
The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting atta…
Update
|
-
|
CVE-2024-8283
|
2024-10-1 23:35 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
496
|
- |
|
-
|
-
|
The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used, whi…
Update
|
-
|
CVE-2024-8239
|
2024-10-1 23:35 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
497
|
5.3 |
MEDIUM
Network
perforce
|
akana_api
|
In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations
Update
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-5250
|
2024-10-1 23:33 |
2024-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
498
|
5.4 |
MEDIUM
Network
|
garrettgrimm
|
simple_popup_plugin
|
The Simple Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [popup] shortcode in all versions up to, and including, 4.5 due to insufficient input saniti…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8547
|
2024-10-1 23:32 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
499
|
9.8 |
CRITICAL
Network
givewp
|
givewp
|
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input vi…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-8353
|
2024-10-1 23:31 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
500
|
7.5 |
HIGH
Network
huawei
|
harmonyos emui
|
Access permission verification vulnerability in the App Multiplier module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Update
|
NVD-CWE-noinfo
|
CVE-2024-9136
|
2024-10-1 23:28 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|