31
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
xen/netfront: fix crash when removing device
When removing a netfront device directly after a suspend/resume cycle
it might happe…
New
|
-
|
CVE-2024-53240
|
2024-12-24 19:15 |
2024-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
32
|
8.8 |
HIGH
Network
|
-
|
-
|
The PlugVersions – Easily rollback to previous versions of your plugins plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the eos_plugin_reviews_restor…
New
|
CWE-862
Missing Authorization
|
CVE-2024-12881
|
2024-12-24 19:15 |
2024-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
33
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.32 via the database_backup_ajax_do…
New
|
CWE-22
Path Traversal
|
CVE-2024-12850
|
2024-12-24 19:15 |
2024-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
34
|
5.3 |
MEDIUM
Network
-
|
-
|
The Content No Cache: prevent specific content from being cached plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.1.2 via the eos_dyn_get_content act…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-12103
|
2024-12-24 19:15 |
2024-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
35
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Advanced Floating Content plugin for WordPress is vulnerable to SQL Injection via the 'floating_content_duplicate_post' function in all versions up to, and including, 3.8.2 due to insufficient es…
New
|
CWE-89
SQL Injection
|
CVE-2024-12031
|
2024-12-24 19:15 |
2024-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
36
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Datepicker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpdp_get_selected_datepicker' parameter in all versions up to, and including, 2.1.4 due to insufficient…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12468
|
2024-12-24 18:15 |
2024-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
37
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Text Prompter – Unlimited chatgpt text prompts for openai tasks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'text_prompter' shortcode in all versions up to,…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-11896
|
2024-12-24 18:15 |
2024-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
38
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Loan Comparison plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'loancomparison' shortcode in all versions up to, and including, 2.0 due to insufficient input s…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12814
|
2024-12-24 16:15 |
2024-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
39
|
- |
|
-
|
-
|
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can create an NVR log file in a directory one level higher on the system, which ca…
New
|
-
|
CVE-2024-41887
|
2024-12-24 15:15 |
2024-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
40
|
- |
|
-
|
-
|
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker could inject malformed data into url input parameters to reboot the NVR. The manuf…
New
|
-
|
CVE-2024-41886
|
2024-12-24 15:15 |
2024-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|