|
1441
|
7.8 |
HIGH
Local
|
ui
|
unifi_network_application
|
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell acces…
|
CWE-77
Command Injection
|
CVE-2024-42025
|
2024-09-29 03:35 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1442
|
6.7 |
MEDIUM
Local
|
google
|
android
|
In rpmb , there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploit…
|
CWE-415
Double Free
|
CVE-2023-32824
|
2024-09-29 03:35 |
2023-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1443
|
5.5 |
MEDIUM
Local
|
sqlite
redhat
fedoraproject
|
sqlite
enterprise_linux
extra_packages_for_enterprise_linux
fedora
|
A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malici…
|
CWE-416
Use After Free
|
CVE-2024-0232
|
2024-09-28 13:15 |
2024-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1444
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trig…
|
CWE-476
NULL Pointer Dereference
|
CVE-2023-7042
|
2024-09-28 13:15 |
2023-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1445
|
- |
|
-
|
-
|
A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.
|
CWE-415
Double Free
|
CVE-2024-2002
|
2024-09-28 12:15 |
2024-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1446
|
8.0 |
HIGH
Adjacent
|
tp-link
|
archer_c55_firmware
archer_c50_v3_firmware
|
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C5…
|
CWE-78
OS Command
|
CVE-2023-31188
|
2024-09-28 06:35 |
2023-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1447
|
8.0 |
HIGH
Network
|
apache
|
airflow
|
The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the …
|
CWE-384
Session Fixation
|
CVE-2023-40273
|
2024-09-28 06:35 |
2023-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1448
|
8.2 |
HIGH
Network
apache
|
ivy
|
Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy pr…
|
CWE-91
CWE-611
Blind XPath Injection
XXE
|
CVE-2022-46751
|
2024-09-28 06:35 |
2023-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1449
|
6.1 |
MEDIUM
Network
|
mm-breaking_news_project
|
mm-breaking_news
|
The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8056
|
2024-09-28 06:29 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1450
|
6.1 |
MEDIUM
Network
|
mm-breaking_news_project
|
mm-breaking_news
|
The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add S…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8054
|
2024-09-28 06:29 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
