1371
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trig…
|
CWE-476
NULL Pointer Dereference
|
CVE-2023-7042
|
2024-09-28 13:15 |
2023-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1372
|
- |
|
-
|
-
|
A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.
|
CWE-415
Double Free
|
CVE-2024-2002
|
2024-09-28 12:15 |
2024-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1373
|
8.0 |
HIGH
Adjacent
|
tp-link
|
archer_c55_firmware archer_c50_v3_firmware
|
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C5…
|
CWE-78
OS Command
|
CVE-2023-31188
|
2024-09-28 06:35 |
2023-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1374
|
8.0 |
HIGH
Network
|
apache
|
airflow
|
The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the …
|
CWE-384
Session Fixation
|
CVE-2023-40273
|
2024-09-28 06:35 |
2023-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1375
|
8.2 |
HIGH
Network
apache
|
ivy
|
Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy pr…
|
CWE-91 CWE-611
Blind XPath Injection XXE
|
CVE-2022-46751
|
2024-09-28 06:35 |
2023-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1376
|
6.1 |
MEDIUM
Network
|
mm-breaking_news_project
|
mm-breaking_news
|
The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8056
|
2024-09-28 06:29 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1377
|
6.1 |
MEDIUM
Network
|
mm-breaking_news_project
|
mm-breaking_news
|
The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add S…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8054
|
2024-09-28 06:29 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1378
|
4.8 |
MEDIUM
Network
|
ninjateam
|
header_footer_custom_code
|
The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Sit…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6617
|
2024-09-28 06:28 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1379
|
4.8 |
MEDIUM
Network
|
ninjateam
|
header_footer_custom_code
|
The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Sit…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6493
|
2024-09-28 06:28 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1380
|
6.8 |
MEDIUM
Network
|
pixeljar
|
favicon_generator
|
The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary f…
|
CWE-352
Origin Validation Error
|
CVE-2024-7863
|
2024-09-28 06:27 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|