151
|
- |
|
-
|
-
|
The AVGUI.exe of AVG/Avast Antivirus versions before 24.1 can allow a local attacker to escalate privileges via a COM hijack in a time-of-check to time-of-use (TOCTOU) when self protection is…
New
|
-
|
CVE-2024-5803
|
2024-10-4 00:15 |
2024-10-4 |
152
|
- |
|
-
|
-
|
Sulu is a PHP content management system. Sulu is vulnerable to XSS: a low-privileged user with access to the “Media” section can upload an SVG file with a malicious payload. Once uploaded…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-47618
|
2024-10-4 00:15 |
2024-10-4 |
153
|
- |
|
-
|
-
|
Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle comp…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-47617
|
2024-10-4 00:15 |
2024-10-4 |
154
|
- |
|
-
|
-
|
async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustio…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-47614
|
2024-10-4 00:15 |
2024-10-4 |
155
|
- |
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Update
|
-
|
CVE-2021-47220
|
2024-10-4 00:15 |
2024-05-22 |
156
|
7.5 |
HIGH
Network
microsoft
|
power_platform_terraform_provider
|
Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Platform Terraform Provider where sensitiv…
Update
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2024-47083
|
2024-10-4 00:11 |
2024-09-26 |
157
|
9.3 |
CRITICAL
Adjacent
|
cisco
|
ios_xe
|
A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication ac…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2024-20510
|
2024-10-3 23:52 |
2024-09-26 |
158
|
6.5 |
MEDIUM
Network
cisco
|
unified_threat_defense_snort_intrusion_prevention_system_engine
|
A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured sec…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2024-20508
|
2024-10-3 23:43 |
2024-09-26 |
159
|
7.5 |
HIGH
Network
|
nodejs
|
node.js
|
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. The use of the deprecated API `process.binding()` can bypass the po…
Update
|
NVD-CWE-noinfo
|
CVE-2023-32559
|
2024-10-3 23:35 |
2023-08-24 |
160
|
5.5 |
MEDIUM
Local
|
axiosys
|
bento4
|
Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4encrypt.
Update
|
NVD-CWE-noinfo
|
CVE-2023-38666
|
2024-10-3 23:35 |
2023-08-23 |