521
|
5.3 |
MEDIUM
Network
apache
|
druid
|
Padding Oracle vulnerability in Apache Druid extension, druid-pac4j.
This could allow an attacker to manipulate a pac4j session cookie.
This issue affects Apache Druid versions 0.18.0 through 30.0.0…
Update
|
NVD-CWE-noinfo
|
CVE-2024-45384
|
2024-10-2 22:57 |
2024-09-18 |
|
522
|
6.1 |
MEDIUM
Network
|
tebilisim
|
v5
|
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in TE Informatics V5 allows Reflected XSS. This issue affects V5: before 6.2.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-2010
|
2024-10-2 22:52 |
2024-09-12 |
|
523
|
- |
|
-
|
-
|
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with "admin" role c…
New
|
CWE-79 CWE-116 CWE-434
Cross-site Scripting Improper Encoding or Escaping of Output Unrestricted Upload of File with Dangerous Type
|
CVE-2024-47528
|
2024-10-2 22:35 |
2024-10-2 |
|
524
|
9.8 |
CRITICAL
Network
phpgurukul
|
online_shopping_portal
|
A vulnerability classified as critical was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /shopping/admin/index.php of the component Admin Panel. …
Update
|
CWE-89
SQL Injection
|
CVE-2024-9326
|
2024-10-2 22:33 |
2024-09-29 |
|
525
|
9.8 |
CRITICAL
Network
anisha
|
supply_chain_management
|
A vulnerability was found in code-projects Supply Chain Management 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit_manufacturer.php. The manipulation …
Update
|
CWE-89
SQL Injection
|
CVE-2024-9322
|
2024-10-2 22:32 |
2024-09-29 |
|
526
|
7.5 |
HIGH
Network
code-projects
|
blood_bank_system
|
A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0. Affected is an unknown function of the file /admin/blood/update/B+.php. The manipulation of th…
Update
|
CWE-89
SQL Injection
|
CVE-2024-9316
|
2024-10-2 22:29 |
2024-09-29 |
|
527
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ASoC: meson: axg-card: fix 'use-after-free'
Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()',
so move 'p…
Update
|
CWE-416
Use After Free
|
CVE-2024-46849
|
2024-10-2 22:25 |
2024-09-27 |
|
528
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
dma-buf: heaps: Fix off-by-one in CMA heap fault handler
Until VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps:
D…
Update
|
CWE-193
Off-by-one Error
|
CVE-2024-46852
|
2024-10-2 22:23 |
2024-09-27 |
|
529
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_socket: fix sk refcount leaks
We must put 'sk' reference before returning.
Update
|
NVD-CWE-Other
|
CVE-2024-46855
|
2024-10-2 22:21 |
2024-09-27 |
|
530
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix the warning division or modulo by zero
Checks the partition mode and returns an error for an invalid mode.
Update
|
CWE-369
Divide By Zero
|
CVE-2024-46806
|
2024-10-2 22:17 |
2024-09-27 |
|