1461
|
8.8 |
HIGH
Network
|
external-secrets
|
external_secrets_operator
|
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. The external-secrets has a deployment called default-external-secrets-cert-controller, which is …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-45041
|
2024-09-19 02:31 |
2024-09-10 |
|
|
1462
|
9.8 |
CRITICAL
Network
|
angeljudesuarez
|
tailoring_management_system
|
A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file ssms.php. The manipulation of …
|
CWE-89
SQL Injection
|
CVE-2024-8611
|
2024-09-19 02:24 |
2024-09-10 |
|
|
1463
|
7.8 |
HIGH
Local
|
ivanti
|
workspace_control
|
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
|
CWE-426
Untrusted Search Path
|
CVE-2024-44103
|
2024-09-19 02:18 |
2024-09-11 |
|
|
1464
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
i40e: Fix queues reservation for XDP
When XDP was configured on a system with large number of CPUs
and X722 NIC there was a call …
|
CWE-476
NULL Pointer Dereference
|
CVE-2021-47619
|
2024-09-19 02:08 |
2024-06-20 |
|
|
1465
|
6.1 |
MEDIUM
Network
|
teleogistic
|
invite_anyone
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Boone Gorges Invite Anyone allows Reflected XSS. This issue affects Invite Anyone: from n/a…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43327
|
2024-09-19 02:07 |
2024-08-18 |
|
|
1466
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: refactor malicious adv data check
Check for out-of-bound read was being performed at the end of while
num_reports loop…
|
CWE-125
Out-of-bounds Read
|
CVE-2021-47620
|
2024-09-19 02:07 |
2024-06-20 |
|
|
1467
|
4.8 |
MEDIUM
Network
|
starkdigital
|
wp_testimonial_widget
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Stark Digital WP Testimonial Widget allows Stored XSS. This issue affects WP Testimonial Wi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43967
|
2024-09-19 02:00 |
2024-08-27 |
|
|
1468
|
8.8 |
HIGH
Network
|
ninjaforms
|
ninja_forms
|
Cross-Site Request Forgery (CSRF) vulnerability in Saturday Drive Ninja Forms. This issue affects Ninja Forms: from n/a through 3.8.6.
|
CWE-352
Origin Validation Error
|
CVE-2024-39628
|
2024-09-19 01:59 |
2024-08-27 |
|
|
1469
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm: mxsfb: Fix NULL pointer dereference
mxsfb should not ever dereference the NULL pointer which
drm_atomic_get_new_bridge_state…
|
CWE-476
NULL Pointer Dereference
|
CVE-2022-48718
|
2024-09-19 01:59 |
2024-06-20 |
|
|
1470
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work
syzkaller was able to trigger a deadlock for NT…
|
CWE-667
Improper Locking
|
CVE-2022-48719
|
2024-09-19 01:58 |
2024-06-20 |
|
|