1941
|
7.8 |
HIGH
Local
|
tungstenautomation
|
kofax_power_pdf
|
Kofax Power PDF PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-5303
|
2024-09-26 00:24 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1942
|
7.8 |
HIGH
Local
|
tungstenautomation
|
kofax_power_pdf
|
Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-5302
|
2024-09-26 00:22 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1943
|
7.8 |
HIGH
Local
|
tungstenautomation
|
kofax_power_pdf
|
Kofax Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofa…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-5301
|
2024-09-26 00:18 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1944
|
4.8 |
MEDIUM
Network
|
ninjaforms
|
ninja_forms
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a thro…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43999
|
2024-09-26 00:15 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1945
|
6.5 |
MEDIUM
Adjacent
|
apple
|
iphone_os ipados
|
This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A malicious Bluetooth input device may bypass pairing.
|
NVD-CWE-noinfo
|
CVE-2024-44124
|
2024-09-26 00:14 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1946
|
9.8 |
CRITICAL
Network
oracle
|
application_development_framework
|
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. E…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2022-21445
|
2024-09-26 00:14 |
2022-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1947
|
5.4 |
MEDIUM
Network
|
webhammer
|
wp_custom_fields_search
|
The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient …
|
CWE-79
Cross-site Scripting
|
CVE-2024-8364
|
2024-09-26 00:08 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1948
|
5.5 |
MEDIUM
Local
|
gpac
|
gpac
|
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been declared as problematic. This vulnerability affects the function xmt_node_end of the file src/scene_manager/loader_xmt.…
|
CWE-416
Use After Free
|
CVE-2024-6064
|
2024-09-26 00:08 |
2024-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1949
|
9.8 |
CRITICAL
Network
freeimage_project
|
freeimage
|
libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file.
|
CWE-787
Out-of-bounds Write
|
CVE-2024-31570
|
2024-09-25 23:57 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1950
|
9.8 |
CRITICAL
Network
spx
|
spx_graphics_controller
|
An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function.
|
CWE-94
Code Injection
|
CVE-2024-44623
|
2024-09-25 23:53 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|