2021
|
9.8 |
CRITICAL
Network
tenda
|
ax12_firmware
|
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.
|
CWE-787
Out-of-bounds Write
|
CVE-2023-49424
|
2024-09-14 04:35 |
2023-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2022
|
5.3 |
MEDIUM
Network
funnelforms
|
funnelforms_free
|
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability…
|
CWE-862
Missing Authorization
|
CVE-2024-7447
|
2024-09-14 04:33 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2023
|
5.3 |
MEDIUM
Network
permalink_manager_lite_project
|
permalink_manager_lite
|
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debug_data', 'debug_query', and 'debug_redirect' functions in al…
|
CWE-862
Missing Authorization
|
CVE-2024-8195
|
2024-09-14 04:28 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2024
|
5.5 |
MEDIUM
Local
|
cisco
|
duo_authentication_for_epic
|
A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system.
This vulnerability is due to imprope…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2024-20503
|
2024-09-14 04:24 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2025
|
9.8 |
CRITICAL
Network
fabianros
|
hospital_management_system
|
A vulnerability was found in code-projects Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component L…
|
CWE-89
SQL Injection
|
CVE-2024-8368
|
2024-09-14 04:23 |
2024-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2026
|
3.9 |
LOW
Physics
|
redhat opensc_project
|
enterprise_linux opensc
|
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially craft…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2024-45617
|
2024-09-14 04:21 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2027
|
3.9 |
LOW
Physics
|
redhat opensc_project
|
enterprise_linux opensc
|
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially craft…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2024-45616
|
2024-09-14 04:21 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2028
|
3.9 |
LOW
Physics
|
redhat opensc_project
|
enterprise_linux opensc
|
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK.
The problem is missing initialization of variables expected to be initialized (as arguments to other function…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2024-45615
|
2024-09-14 04:21 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2029
|
5.4 |
MEDIUM
Network
|
wpzoom
|
wpzoom_portfolio
|
The WPZOOM Portfolio Lite – Filterable Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:wpzoom-blocks' Gutenberg block in al…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8276
|
2024-09-14 04:19 |
2024-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2030
|
6.4 |
MEDIUM
Local
|
linux fedoraproject redhat
|
linux_kernel fedora enterprise_linux
|
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the …
|
CWE-416
Use After Free
|
CVE-2023-39198
|
2024-09-14 04:15 |
2023-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|