101
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info
The MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the
…
Update
|
CWE-416
Use After Free
|
CVE-2024-46842
|
2024-10-9 03:22 |
2024-09-27 |
|
|
102
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()
We handle errors here properly, ENOMEM isn't fa…
Update
|
NVD-CWE-noinfo
|
CVE-2024-46841
|
2024-10-9 03:17 |
2024-09-27 |
|
|
103
|
8.8 |
HIGH
Network
|
emiloimagtolis
|
online_discussion_forum
|
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received usi…
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-37868
|
2024-10-9 03:16 |
2024-10-5 |
|
|
104
|
- |
|
-
|
-
|
TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/gro…
New
|
CWE-863
Incorrect Authorization
|
CVE-2024-47780
|
2024-10-9 03:15 |
2024-10-9 |
|
|
105
|
- |
|
-
|
-
|
Discourse is an open source platform for community discussion. An attacker can make several XHR requests until the cache is poisoned with a response without any preloaded data. This issue only affect…
New
|
CWE-610
Externally Controlled Reference to a Resource in Another Sphere
|
CVE-2024-47773
|
2024-10-9 03:15 |
2024-10-9 |
|
|
106
|
- |
|
-
|
-
|
Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. In livewire/livewire `< v3.5.2`, the file extension of an uploaded file is guessed based on t…
New
|
CWE-20
Improper Input Validation
|
CVE-2024-47823
|
2024-10-9 03:15 |
2024-10-9 |
|
|
107
|
- |
|
-
|
-
|
Directus is a real-time API and App dashboard for managing SQL database content. Access tokens from query strings are not redacted and are potentially exposed in system logs which may be persisted. T…
New
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2024-47822
|
2024-10-9 03:15 |
2024-10-9 |
|
|
108
|
- |
|
-
|
-
|
PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Management feature
New
|
-
|
CVE-2024-46410
|
2024-10-9 03:15 |
2024-10-9 |
|
|
109
|
7.8 |
HIGH
Local
|
-
|
-
|
Microsoft Office Remote Code Execution Vulnerability
New
|
CWE-426
Untrusted Search Path
|
CVE-2024-43616
|
2024-10-9 03:15 |
2024-10-9 |
|
|
110
|
7.1 |
HIGH
Network
|
-
|
-
|
Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
New
|
CWE-73
External Control of File Name or Path
|
CVE-2024-43615
|
2024-10-9 03:15 |
2024-10-9 |
|
|