2091
|
5.3 |
MEDIUM
Network
mediawiki
|
mediawiki
|
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:Sp…
|
NVD-CWE-noinfo
|
CVE-2023-45370
|
2024-09-20 03:35 |
2023-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2092
|
6.7 |
MEDIUM
Local
|
google
|
android
|
In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed
|
CWE-862
Missing Authorization
|
CVE-2023-40654
|
2024-09-20 03:35 |
2023-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2093
|
6.5 |
MEDIUM
Network
|
lunary
|
lunary
|
An information disclosure vulnerability exists in the lunary-ai/lunary, specifically in the `runs/{run_id}/related` endpoint. This endpoint does not verify that the user has the necessary access righ…
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2024-6867
|
2024-09-20 03:28 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2094
|
9.8 |
CRITICAL
Network
arm
|
mbed_tls
|
An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in…
|
CWE-295
Improper Certificate Validation
|
CVE-2024-45159
|
2024-09-20 03:26 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2095
|
4.8 |
MEDIUM
Network
|
peepso
|
peepso
|
The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.4.5.0 due t…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7655
|
2024-09-20 03:20 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2096
|
4.8 |
MEDIUM
Network
|
peepso
|
peepso
|
The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, …
|
CWE-79
Cross-site Scripting
|
CVE-2024-7618
|
2024-09-20 03:20 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2097
|
7.2 |
HIGH
Network
|
kemptechnologies
|
multi-tenant_hypervisor_firmware loadmaster
|
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects:
* LoadMaster: 7.2.40.0 and above
* ECS: All versions
* Multi-Tenancy: 7.1.35.4 and ab…
|
CWE-78
OS Command
|
CVE-2024-7591
|
2024-09-20 03:19 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2098
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: avoid using null object of framebuffer
Instead of using state->fb->obj[0] directly, get object from framebuffer
…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-46694
|
2024-09-20 03:16 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2099
|
5.4 |
MEDIUM
Network
|
microfocus
|
netiq_access_manager
|
Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects NetIQ Access Manager before 5.0.4.1 and 5.1.
|
CWE-79
Cross-site Scripting
|
CVE-2024-4554
|
2024-09-20 03:15 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2100
|
- |
|
-
|
-
|
ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may
be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ …
|
CWE-23
Relative Path Traversal
|
CVE-2024-0335
|
2024-09-20 03:15 |
2024-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|