1991
|
6.3 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
[Changes from V1:
- Use a default branch in the switch statement to ini…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2024-42161
|
2024-09-26 00:54 |
2024-07-30 |
|
1992
|
9.8 |
CRITICAL
Network
lollms
|
lollms
|
A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\lollms\security.py`. This…
|
CWE-22
Path Traversal
|
CVE-2024-3429
|
2024-09-26 00:53 |
2024-06-07 |
|
|
1993
|
7.5 |
HIGH
Network
updateproducts_project simpleimportproduct_project
|
updateproducts simpleimportproduct
|
MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php.
|
NVD-CWE-noinfo
|
CVE-2023-39677
|
2024-09-26 00:35 |
2023-09-21 |
|
|
1994
|
6.5 |
MEDIUM
Network
kokoroe_members_card_project
|
kokoroe_members_card
|
An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages.
|
NVD-CWE-noinfo
|
CVE-2023-39045
|
2024-09-26 00:35 |
2023-09-21 |
|
|
1995
|
7.2 |
HIGH
Network
|
dolibarr
|
dolibarr_erp/crm
|
An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script.
|
NVD-CWE-noinfo
|
CVE-2023-38886
|
2024-09-26 00:35 |
2023-09-20 |
|
1996
|
5.5 |
MEDIUM
Local
|
iobit
|
malware_fighter
|
An issue discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2 allows local attackers to cause a denial of service (DoS).
|
NVD-CWE-noinfo
|
CVE-2020-24089
|
2024-09-26 00:35 |
2023-09-20 |
|
1997
|
2.7 |
LOW
Network
|
strapi
|
strapi
|
Strapi is an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and t…
|
NVD-CWE-noinfo
|
CVE-2023-37263
|
2024-09-26 00:35 |
2023-09-16 |
|
1998
|
7.8 |
HIGH
Local
|
hp
|
poly_plantronics_hub
|
Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. An at…
|
CWE-59
Link Following
|
CVE-2024-6147
|
2024-09-26 00:29 |
2024-06-21 |
|
1999
|
5.4 |
MEDIUM
Network
|
greenshiftwp
|
greenshift_-_animation_and_page_builder_blocks
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Stored XSS. This issue affects…
|
CWE-79
Cross-site Scripting
|
CVE-2024-44005
|
2024-09-26 00:25 |
2024-09-18 |
|
2000
|
7.8 |
HIGH
Local
|
tungstenautomation
|
kofax_power_pdf
|
Kofax Power PDF PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-5303
|
2024-09-26 00:24 |
2024-06-07 |
|