1131
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
fou: fix initialization of grc
The grc must be initialized first. There can be a condition where if
fou is NULL, goto out will be …
|
CWE-908
Use of Uninitialized Resource
|
CVE-2024-46865
|
2024-10-2 00:57 |
2024-09-27 |
|
|
1132
|
4.2 |
MEDIUM
Adjacent
|
jktyre
|
smart_tyre_car_\&_bike
|
An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack via Bluetooth communications.
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2024-39081
|
2024-10-2 00:51 |
2024-09-18 |
|
|
1133
|
8.8 |
HIGH
Adjacent
|
circutor
|
q-smt_firmware
|
An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only im…
|
NVD-CWE-Other
|
CVE-2024-8890
|
2024-10-2 00:46 |
2024-09-18 |
|
|
1134
|
9.8 |
CRITICAL
Network
doverfuelingsolutions
|
progauge_maglink_lx_console_firmware progauge_maglink_lx4_console_firmware
|
The web application for ProGauge MAGLINK LX4 CONSOLE contains an
administrative-level user account with a password that cannot be
changed.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-43423
|
2024-10-2 00:41 |
2024-09-25 |
|
|
|
1135
|
7.8 |
HIGH
Local
|
projectdiscovery
|
nuclei
|
Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow…
|
CWE-78
OS Command
|
CVE-2024-43405
|
2024-10-2 00:37 |
2024-09-5 |
|
|
1136
|
- |
|
-
|
-
|
The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a…
|
-
|
CVE-2024-8379
|
2024-10-2 00:35 |
2024-09-30 |
|
|
1137
|
4.8 |
MEDIUM
Network
|
codepeople
|
contact_form_email
|
The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting at…
|
CWE-79
Cross-site Scripting
|
CVE-2023-5955
|
2024-10-2 00:35 |
2023-12-12 |
|
|
1138
|
5.3 |
MEDIUM
Network
wpbrigade
|
simple_social_buttons
|
The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags
|
NVD-CWE-noinfo
|
CVE-2023-5845
|
2024-10-2 00:35 |
2023-11-28 |
|
|
|
1139
|
4.3 |
MEDIUM
Network
|
limitloginattempts
|
limit_login_attempts_reloaded
|
The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update stat…
|
CWE-862
Missing Authorization
|
CVE-2023-5525
|
2024-10-2 00:35 |
2023-11-28 |
|
|
1140
|
5.4 |
MEDIUM
Network
|
thimpress
|
wp_hotel_booking
|
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated user…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2023-5651
|
2024-10-2 00:35 |
2023-11-21 |
|
|