|
1
|
5.5 |
MEDIUM
Local
|
sqlite
redhat
fedoraproject
|
sqlite
enterprise_linux
extra_packages_for_enterprise_linux
fedora
|
A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malici…
Update
|
CWE-416
Use After Free
|
CVE-2024-0232
|
2024-09-28 13:15 |
2024-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trig…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2023-7042
|
2024-09-28 13:15 |
2023-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Simple LDAP Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8715
|
2024-09-28 12:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4
|
- |
|
-
|
-
|
A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.
Update
|
CWE-415
Double Free
|
CVE-2024-2002
|
2024-09-28 12:15 |
2024-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5
|
5.3 |
MEDIUM
Network
-
|
-
|
The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the alg_wc_eu_vat_exempt_vat_from_admin() function i…
New
|
-
|
CVE-2024-9189
|
2024-09-28 11:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
6
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP-WebAuthn plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wwa_login_form shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanit…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9023
|
2024-09-28 11:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
7
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up t…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8788
|
2024-09-28 11:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
8
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Simple Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [popup] shortcode in all versions up to, and including, 4.5 due to insufficient input saniti…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8547
|
2024-09-28 11:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
9
|
10.0 |
CRITICAL
Network
-
|
-
|
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input vi…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-8353
|
2024-09-28 11:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
10
|
- |
|
-
|
-
|
A vulnerability, which was classified as critical, has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Affected by this issue is some unknown functionality of the file sav…
New
|
CWE-89
SQL Injection
|
CVE-2024-9294
|
2024-09-28 07:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
