|
1181
|
5.5 |
MEDIUM
Local
|
linux
fedoraproject
|
linux_kernel
fedora
|
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: walk over current view on netlink dump
The generation mask can be updated while netlink dump is in pro…
|
NVD-CWE-noinfo
|
CVE-2024-27017
|
2024-10-1 00:15 |
2024-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1182
|
4.2 |
MEDIUM
Network
|
tyan
|
s5552\/s5552wgm4nr-ex_firmware
s5552\/s5552wgm4nr_firmware
s5552\/s5552gm4nr_firmware
s5552\/s5552gm2nr_firmware
|
A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TL…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2023-2538
|
2024-10-1 00:15 |
2023-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1183
|
7.5 |
HIGH
Network
lannerinc
|
iac-ast2500a_firmware
|
A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) …
|
NVD-CWE-Other
|
CVE-2021-44467
|
2024-10-1 00:15 |
2022-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1184
|
9.8 |
CRITICAL
Network
lannerinc
|
iac-ast2500a_firmware
|
Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserb_func function of spx_restservice allow an authenticated attacker to execute arbitrary code with the same…
|
CWE-77
CWE-787
Command Injection
Out-of-bounds Write
|
CVE-2021-26731
|
2024-10-1 00:15 |
2022-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1185
|
5.4 |
MEDIUM
Network
|
wpdeveloperr
|
confetti_fall_animation
|
The Confetti Fall Animation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'confetti-fall-animation' shortcode in all versions up to, and including, 1.3.0 due to i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8919
|
2024-10-1 00:08 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1186
|
4.3 |
MEDIUM
Network
|
javmah
|
spreadsheet_integration
|
The Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. plugin for WordPress is vulnerable to unauthorized…
|
CWE-862
Missing Authorization
|
CVE-2024-6590
|
2024-09-30 23:31 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1187
|
5.4 |
MEDIUM
Network
|
anwp
|
football_leagues
|
The AnWP Football Leagues plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.16.7 due to insufficient input sanitization an…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8917
|
2024-09-30 23:30 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1188
|
4.3 |
MEDIUM
Network
|
wedevs
|
happy_addons_for_elementor
|
The Happy Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.2 via the Content Switcher widget. This makes it possibl…
|
NVD-CWE-noinfo
|
CVE-2024-8801
|
2024-09-30 23:23 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1189
|
5.4 |
MEDIUM
Network
|
gcsdesign
|
wp_category_dropdown
|
The WP Category Dropdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' parameter in all versions up to, and including, 1.8 due to insufficient input sanitization a…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8103
|
2024-09-30 23:20 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1190
|
7.5 |
HIGH
Network
boldgrid
|
w3_total_cache
|
The W3 Total Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.5 via Google OAuth API secrets stored in plaintext in the publicly visibl…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2023-5359
|
2024-09-30 23:19 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
