181
|
- |
|
-
|
-
|
A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php…
New
|
CWE-89
SQL Injection
|
CVE-2024-9039
|
2024-09-21 01:15 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
182
|
- |
|
-
|
-
|
A vulnerability classified as problematic was found in Codezips Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-9038
|
2024-09-21 01:15 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
183
|
- |
|
-
|
-
|
Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability in the fromAdvSetMacMtuWan function.
New
|
-
|
CVE-2024-46652
|
2024-09-21 01:15 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
184
|
4.7 |
MEDIUM
Network
|
openjsf
|
express
|
Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched i…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-43796
|
2024-09-21 01:07 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
185
|
8.1 |
HIGH
Network
|
redhat
|
build_of_keycloak
|
A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 3…
Update
|
CWE-324
Use of a Key Past its Expiration Date
|
CVE-2024-7318
|
2024-09-21 01:02 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
186
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease
It is not safe to dereference fl->c.flc_owner without fir…
Update
|
NVD-CWE-noinfo
|
CVE-2024-46690
|
2024-09-21 00:55 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
187
|
8.1 |
HIGH
Network
|
redhat
|
keycloak single_sign-on build_of_keycloak
|
A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin opti…
Update
|
CWE-384
Session Fixation
|
CVE-2024-7341
|
2024-09-21 00:53 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
188
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: cmd-db: Map shared memory as WC, not WB
Linux does not write into cmd-db region. This region of memory is write
protec…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2024-46689
|
2024-09-21 00:52 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
189
|
9.8 |
CRITICAL
Network
h2o
|
h2o
|
A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Conn…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-8862
|
2024-09-21 00:47 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
190
|
5.4 |
MEDIUM
Network
|
aimstack
|
aim
|
A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. Th…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8863
|
2024-09-21 00:43 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|