221
|
6.7 |
MEDIUM
Local
|
-
|
-
|
Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2024-37976
|
2024-10-9 03:15 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
222
|
- |
|
-
|
-
|
NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a…
New
|
-
|
CVE-2024-35215
|
2024-10-9 03:15 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
223
|
8.0 |
HIGH
Adjacent
|
-
|
-
|
Windows Hyper-V Remote Code Execution Vulnerability
New
|
CWE-20 CWE-829
Improper Input Validation Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2024-30092
|
2024-10-9 03:15 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
224
|
- |
|
-
|
-
|
An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string.
New
|
-
|
CVE-2024-25885
|
2024-10-9 03:15 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
225
|
7.1 |
HIGH
Adjacent
|
-
|
-
|
Windows Hyper-V Security Feature Bypass Vulnerability
New
|
CWE-20
Improper Input Validation
|
CVE-2024-20659
|
2024-10-9 03:15 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
226
|
8.8 |
HIGH
Network
|
emiloimagtolis
|
online_discussion_forum
|
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using …
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-37869
|
2024-10-9 03:15 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
227
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
btrfs: clean up our handling of refs == 0 in snapshot delete
In reada we BUG_ON(refs == 0), which could be unkind since we aren't…
Update
|
NVD-CWE-noinfo
|
CVE-2024-46840
|
2024-10-9 03:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
228
|
5.4 |
MEDIUM
Network
|
kraftplugins
|
demo_importer_plus
|
The Demo Importer Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.1 due to insufficient input sanitization and ou…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9172
|
2024-10-9 03:05 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
229
|
7.5 |
HIGH
Network
cisco
|
meraki_z4c_firmware meraki_z4_firmware meraki_z3c_firmware meraki_z3_firmware meraki_vmx_firmware meraki_mx600_firmware meraki_mx450_firmware meraki_mx400_firmware meraki_mx25…
|
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS cond…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2024-20499
|
2024-10-9 02:45 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
230
|
7.5 |
HIGH
Network
cisco
|
meraki_z4c_firmware meraki_z4_firmware meraki_z3c_firmware meraki_z3_firmware meraki_vmx_firmware meraki_mx600_firmware meraki_mx450_firmware meraki_mx400_firmware meraki_mx25…
|
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in …
Update
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2024-20500
|
2024-10-9 02:37 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|