291 | 5.5 | MEDIUM Local | vim | vim | Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line… | Update | CWE-787 Out-of-bounds Write | CVE-2024-45306 | 2024-10-2 00:20 | 2024-09-3 |
292 | - | | - | - | eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricte… | New | CWE-284 Improper Access Control | CVE-2024-45408 | 2024-10-2 00:15 | 2024-10-2 |
293 | - | | - | - | Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8. | New | CWE-79 Cross-site Scripting | CVE-2024-41673 | 2024-10-2 00:15 | 2024-10-2 |
294 | - | | - | - | Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) Server 19.10.3 allows attackers (with access to the database or exported configuration files) to obtain SNMP user… | New | - | CVE-2024-25658 | 2024-10-2 00:15 | 2024-10-2 |
295 | - | | - | - | eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigne… | New | CWE-266 Incorrect Privilege Assignment; CWE-842 Placement of User into Incorrect Group | CVE-2024-25632 | 2024-10-2 00:15 | 2024-10-2 |
296 | - | | - | - | Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specifications 2.1 through 5.3 may permit an unauthenticated man-in-the… | New | - | CVE-2021-37577 | 2024-10-2 00:15 | 2024-10-2 |
297 | 6.3 | MEDIUM Local | fedirtsapana | simple_http_server_plus, simple_http_server | Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K (AES) encryption key. An a… | Update | CWE-798 Use of Hard-coded Credentials | CVE-2023-46919 | 2024-10-2 00:15 | 2023-12-28 |
298 | 8.8 | HIGH Local | rust-lang | rust | Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.8… | Update | CWE-88 Argument Injection | CVE-2024-43402 | 2024-10-2 00:12 | 2024-09-5 |
299 | 7.5 | HIGH Network | google | tensorflow | TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will a… | Update | CWE-190 Integer Overflow or Wraparound | CVE-2023-33976 | 2024-10-1 23:41 | 2024-07-31 |
300 | 5.4 | MEDIUM Network | axton | wp-webauthn | The WP-WebAuthn plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wwa_login_form shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanit… | Update | CWE-79 Cross-site Scripting | CVE-2024-9023 | 2024-10-1 23:39 | 2024-09-28 |