|
861
|
9.8 |
CRITICAL
Network
anisha
|
job_recruitment
|
A vulnerability, which was classified as critical, was found in code-projects Job Recruitment 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument email leads…
Update
|
CWE-89
SQL Injection
|
CVE-2024-11077
|
2024-11-15 03:57 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
862
|
6.5 |
MEDIUM
Network
|
olland
|
horsemanager
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Olland.Biz Horsemanager allows Blind SQL Injection.This issue affects Horsemanager: from n/a thro…
Update
|
CWE-89
SQL Injection
|
CVE-2024-51843
|
2024-11-15 03:53 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
863
|
9.8 |
CRITICAL
Network
gaizhenbiao
|
chuanhuchatgpt
|
A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, direct…
Update
|
CWE-22
Path Traversal
|
CVE-2024-5982
|
2024-11-15 03:52 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
864
|
2.7 |
LOW
Network
|
themeisle
|
multiple_page_generator
|
The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in al…
Update
|
CWE-22
Path Traversal
|
CVE-2024-10672
|
2024-11-15 03:49 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
865
|
6.5 |
MEDIUM
Network
|
andsonsdesign
|
wp-contest
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SONS Creative Development WP Contest allows SQL Injection.This issue affects WP Contest: from n/a…
Update
|
CWE-89
SQL Injection
|
CVE-2024-51837
|
2024-11-15 03:43 |
2024-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
866
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
macsec: Fix use-after-free while sending the offloading packet
KASAN reports the following UAF. The metadata_dst, which is used t…
Update
|
CWE-416
Use After Free
|
CVE-2024-50261
|
2024-11-15 03:24 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
867
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write()
This was found by a static analyzer.…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2024-50259
|
2024-11-15 03:24 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
868
|
5.4 |
MEDIUM
Network
|
miraheze
|
wikidiscover
|
WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. Special:WikiDiscover is a special page that lists all wikis on the wiki farm. However, the special page …
Update
|
CWE-79
CWE-80
Cross-site Scripting
Basic XSS
|
CVE-2024-47782
|
2024-11-15 03:19 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
869
|
6.1 |
MEDIUM
Network
|
miraheze
|
createwiki
|
CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displa…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-47781
|
2024-11-15 03:19 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
870
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-51689. Reason: This candidate is a reservation duplicate of CVE-2024-51689. Notes: All CVE users should reference …
Update
|
-
|
CVE-2024-10686
|
2024-11-15 03:15 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
