261
|
5.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. An AI feature was found to read unsaniti…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2024-4099
|
2024-10-5 02:33 |
2024-09-27 |
262
|
7.8 |
HIGH
Local
|
trendmicro
|
apex_one
|
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obt…
|
CWE-346
Origin Validation Error
|
CVE-2024-36303
|
2024-10-5 02:33 |
2024-06-11 |
263
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Information disclosure in GitLab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1: in specific conditions it was possible to disclose to an unauth…
|
CWE-863
Incorrect Authorization
|
CVE-2024-8974
|
2024-10-5 02:30 |
2024-09-27 |
264
|
5.4 |
MEDIUM
Network
|
draytek
|
vigor3910_firmware
|
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.
|
CWE-79
Cross-site Scripting
|
CVE-2024-41587
|
2024-10-5 02:28 |
2024-10-4 |
265
|
7.5 |
HIGH
Network
|
ays-pro
|
chatgpt_assistant
|
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the OpenAI API key, allowing unauthenticated users to obtain it.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2024-7713
|
2024-10-5 02:28 |
2024-09-27 |
266
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check msg_id before processing transcation
[WHY & HOW]
HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is…
|
CWE-129
Improper Validation of Array Index
|
CVE-2024-46814
|
2024-10-5 02:27 |
2024-09-27 |
267
|
5.5 |
MEDIUM
Local
|
trendmicro
|
apex_one
|
A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on affected installatio…
|
CWE-59
Link Following
|
CVE-2024-36306
|
2024-10-5 02:26 |
2024-06-11 |
268
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check gpio_id before used as array index
[WHY & HOW]
GPIO_ID_UNKNOWN (-1) is not a valid value for array index a…
|
CWE-129
Improper Validation of Array Index
|
CVE-2024-46818
|
2024-10-5 02:18 |
2024-09-27 |
269
|
7.2 |
HIGH
Network
|
givewp
|
givewp
|
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.16.1 due to insu…
|
CWE-89
SQL Injection
|
CVE-2024-9130
|
2024-10-5 02:18 |
2024-09-27 |
270
|
9.8 |
CRITICAL
Network
|
tendacn
|
g3_firmware
|
Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function.
|
CWE-78
OS Command
|
CVE-2024-46628
|
2024-10-5 02:18 |
2024-09-27 |