| 161 | 7.8 | HIGH Local | zoom | vdi_windows_meeting_clients rooms zoom meeting_software_development_kit | Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access. | Update | CWE-426 Untrusted Search Path | CVE-2024-24697 | 2024-10-10 00:22 | 2024-02-14 |
| 162 | - | | bold-themes | bold_page_builder | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button URL in all versions up to, and including, 4.8.0 due to insufficient input sanitization … | Update | CWE-79 Cross-site Scripting | CVE-2024-1157 | 2024-10-10 00:20 | 2024-02-13 |
| 163 | 5.5 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix leak of blob encryption key. Trusted keys unseal the key blob on load, but keep the sealed payload in the … | Update | CWE-312 Cleartext Storage of Sensitive Information | CVE-2024-45004 | 2024-10-10 00:19 | 2024-09-05 |
| 164 | 4.4 | MEDIUM Local | - | - | A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to… | New | CWE-22 Path Traversal | CVE-2024-9675 | 2024-10-10 00:15 | 2024-10-10 |
| 165 | 5.3 | MEDIUM Network | - | - | A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed. | New | CWE-538 File and Directory Information Exposure | CVE-2024-9671 | 2024-10-10 00:15 | 2024-10-10 |
| 166 | - | | - | - | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. | New | CWE-470 Unsafe Reflection | CVE-2024-8048 | 2024-10-10 00:15 | 2024-10-10 |
| 167 | - | | - | - | In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. | New | CWE-470 Unsafe Reflection | CVE-2024-8015 | 2024-10-10 00:15 | 2024-10-10 |
| 168 | - | | - | - | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. | New | - | CVE-2024-8014 | 2024-10-10 00:15 | 2024-10-10 |
| 169 | - | | - | - | In Progress Telerik Reporting versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. | New | CWE-77 Command Injection | CVE-2024-7840 | 2024-10-10 00:15 | 2024-10-10 |
| 170 | - | | - | - | In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting. | New | CWE-400 Uncontrolled Resource Consumption | CVE-2024-7294 | 2024-10-10 00:15 | 2024-10-10 |