1971 | 5.4 | MEDIUM Network | piotnet | piotnet_addons | The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to,… | CWE-79 Cross-site Scripting | CVE-2024-5502 | 2024-09-13 06:05 | 2024-08-23
1972 | 4.9 | MEDIUM Network | continew | continew_admin | A vulnerability was found in ContiNew Admin 3.2.0 and classified as critical. Affected by this issue is the function top.continew.starter.extension.crud.controller.BaseController#page of the file /ap… | CWE-89 SQL Injection | CVE-2024-8150 | 2024-09-13 06:01 | 2024-08-26
1973 | 6.5 | MEDIUM Network | 9front | lib9p | A bug in the 9p authentication implementation within lib9p allows an attacker with an existing valid user within the configured auth server to impersonate any other valid filesystem user. This is du… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2024-8158 | 2024-09-13 06:00 | 2024-08-26
1974 | 9.8 | CRITICAL Network | hillstonenet | web_application_firewall | Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection. This issue affects Hillstone Networks Web Application Firew… | CWE-77 Command Injection | CVE-2024-8073 | 2024-09-13 05:58 | 2024-08-26
1975 | 5.5 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: jfs: fix null ptr deref in dtInsertEntry [syzbot reported] general protection fault, probably for non-canonical address 0xdffffc0… | CWE-476 NULL Pointer Dereference | CVE-2024-44939 | 2024-09-13 05:58 | 2024-08-26
1976 | 7.8 | HIGH Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to cover read extent cache access with lock syzbot reports a f2fs bug as below: BUG: KASAN: slab-use-after-free in san… | CWE-416 Use After Free | CVE-2024-44941 | 2024-09-13 05:57 | 2024-08-26
1977 | 7.5 | HIGH Network | dfinity | canister_developer_kit_for_the_internet_computer | When a canister method is called via ic_cdk::call* , a new Future CallFuture is created and can be awaited by the caller to get the execution result. Internally, the state of the Future is tracked a… | CWE-401 Missing Release of Memory after Effective Lifetime | CVE-2024-7884 | 2024-09-13 05:47 | 2024-09-5
1978 | 8.8 | HIGH Network | mitel | mivoice_mx-one | The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 SP1 could allow an authenticated attacker to conduct an authentication bypass attack due to improper access control. A successfu… | NVD-CWE-noinfo | CVE-2024-36446 | 2024-09-13 05:47 | 2024-08-14
1979 | 6.5 | MEDIUM Network | mage | mage-ai | Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request | CWE-22 Path Traversal | CVE-2024-45189 | 2024-09-13 05:42 | 2024-08-24
1980 | 6.5 | MEDIUM Network | oracle | mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerabi… | NVD-CWE-noinfo | CVE-2024-21171 | 2024-09-13 05:42 | 2024-07-17