81
|
7.5 |
HIGH
Network
radare
|
radare2
|
A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2022-28070
|
2024-10-4 03:35 |
2023-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
82
|
7.5 |
HIGH
Network
radare
|
radare2
|
A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2022-28069
|
2024-10-4 03:35 |
2023-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
83
|
9.8 |
CRITICAL
Network
devolutions
|
remote_desktop_manager
|
Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without p…
Update
|
CWE-287
Improper Authentication
|
CVE-2023-4373
|
2024-10-4 03:35 |
2023-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
84
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/mgag200: Bind I2C lifetime to DRM device
Managed cleanup with devm_add_action_or_reset() will release the I2C
adapter when th…
Update
|
NVD-CWE-noinfo
|
CVE-2024-44967
|
2024-10-4 03:21 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
85
|
5.4 |
MEDIUM
Network
|
dotcamp
|
ultimate_blocks
|
The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow use…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8536
|
2024-10-4 03:16 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
86
|
- |
|
-
|
-
|
Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, where unexpectedly i…
New
|
CWE-440
Expected Behavior Violation
|
CVE-2024-47762
|
2024-10-4 03:15 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
87
|
- |
|
-
|
-
|
TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTT…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-41988
|
2024-10-4 03:15 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
88
|
- |
|
-
|
-
|
The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exp…
New
|
CWE-352
Origin Validation Error
|
CVE-2024-41987
|
2024-10-4 03:15 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
89
|
- |
|
-
|
-
|
In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header.
New
|
-
|
CVE-2024-34535
|
2024-10-4 03:15 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
90
|
- |
|
-
|
-
|
Eufy HomeBase 2 model T8010X v3.2.8.3h was discovered to use the deprecated wireless protocol WPA2-PSK.
New
|
-
|
CVE-2023-37822
|
2024-10-4 03:15 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|