911
|
7.8 |
HIGH
Local
|
microsoft git_for_windows_project
|
visual_studio_2022 visual_studio_2017 visual_studio_2019 git_for_windows
|
GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2022-24767
|
2024-10-2 00:35 |
2022-04-13 |
|
912
|
7.8 |
HIGH
Local
|
amazon
|
freertos
|
FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming t…
|
NVD-CWE-Other
|
CVE-2024-28115
|
2024-10-2 00:31 |
2024-03-8 |
|
913
|
5.4 |
MEDIUM
Network
|
jellyfin
|
jellyfin
|
Jellyfin is an open source self hosted media server. The Jellyfin user profile image upload accepts SVG files, allowing for a stored XSS attack against an admin user via a specially crafted malicious…
|
NVD-CWE-noinfo
|
CVE-2024-43801
|
2024-10-2 00:25 |
2024-09-3 |
|
914
|
5.5 |
MEDIUM
Local
|
vim
|
vim
|
Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-45306
|
2024-10-2 00:20 |
2024-09-3 |
|
915
|
6.3 |
MEDIUM
Local
|
fedirtsapana
|
simple_http_server_plus simple_http_server
|
Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K (AES) encryption key. An a…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2023-46919
|
2024-10-2 00:15 |
2023-12-28 |
|
916
|
8.8 |
HIGH
Local
|
rust-lang
|
rust
|
Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.8…
|
CWE-88
Argument Injection
|
CVE-2024-43402
|
2024-10-2 00:12 |
2024-09-5 |
|
917
|
7.5 |
HIGH
Network
|
google
|
tensorflow
|
TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will a…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2023-33976
|
2024-10-1 23:41 |
2024-07-31 |
|
918
|
5.4 |
MEDIUM
Network
|
axton
|
wp-webauthn
|
The WP-WebAuthn plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wwa_login_form shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanit…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9023
|
2024-10-1 23:39 |
2024-09-28 |
|
919
|
6.1 |
MEDIUM
Network
|
objectiv
|
simple_ldap_login
|
The Simple LDAP Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8715
|
2024-10-1 23:37 |
2024-09-28 |
|
920
|
- |
|
-
|
-
|
The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting atta…
|
-
|
CVE-2024-8283
|
2024-10-1 23:35 |
2024-09-30 |
|