| 131 | 7.8 | HIGH Local | google | android | In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed… | Update | CWE-20 Improper Input Validation | CVE-2023-21272 | 2024-10-10 01:35 | 2023-08-15 |
| 132 | 7.8 | HIGH Local | google | android | In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with… | Update | CWE-269 Improper Privilege Management | CVE-2023-21269 | 2024-10-10 01:35 | 2023-08-15 |
| 133 | 6.1 | MEDIUM Network | veronalabs | wp_sms | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc al… | Update | CWE-79 Cross-site Scripting | CVE-2024-24881 | 2024-10-10 01:28 | 2024-02-8 |
| 134 | 7.5 | HIGH Network | gradio_project | gradio | A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the `postprocess()` function within `gr… | Update | NVD-CWE-noinfo | CVE-2024-4941 | 2024-10-10 01:24 | 2024-06-7 |
| 135 | - | | - | - | DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrar… | New | - | CVE-2024-46316 | 2024-10-10 01:15 | 2024-10-10 |
| 136 | - | | - | - | FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved as a wildcard. This allows attackers to… | New | - | CVE-2024-25825 | 2024-10-10 01:15 | 2024-10-10 |
| 137 | 9.8 | CRITICAL Network | lollms | lollms_web_ui | A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. The vulnerability arises because the ap… | Update | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2024-5482 | 2024-10-10 01:12 | 2024-06-7 |
| 138 | 8.6 | HIGH Network | gradio_project | gradio | A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the `/queue/join` endpoint and the `save_url_to_cache` function. The vulnerabili… | Update | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2024-4325 | 2024-10-10 01:04 | 2024-06-7 |
| 139 | 5.5 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: ethtool: fail closed if we can't get max channel used in indirection tables Commit 0d1b7d6c9274 ("bnxt: fix crashes when reducing… | Update | NVD-CWE-noinfo | CVE-2024-46834 | 2024-10-10 00:57 | 2024-09-27 |
| 140 | 7.8 | HIGH Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: net: hns3: void array out of bound when loop tnl_num When query reg inf of SSU, it loops tnl_num times. However, tnl_num comes fr… | Update | CWE-129 Improper Validation of Array Index | CVE-2024-46833 | 2024-10-10 00:54 | 2024-09-27 |