251 | 8.8 | HIGH Network | emiloimagtolis | online_discussion_forum | File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using … | Update | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-37869 | 2024-10-9 03:15 | 2024-10-5
252 | 5.5 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete In reada we BUG_ON(refs == 0), which could be unkind since we aren't… | Update | NVD-CWE-noinfo | CVE-2024-46840 | 2024-10-9 03:15 | 2024-09-27
253 | 5.4 | MEDIUM Network | kraftplugins | demo_importer_plus | The Demo Importer Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0.1 due to insufficient input sanitization and ou… | Update | CWE-79 Cross-site Scripting | CVE-2024-9172 | 2024-10-9 03:05 | 2024-10-2
254 | 7.5 | HIGH Network | cisco | meraki_z4c_firmware meraki_z4_firmware meraki_z3c_firmware meraki_z3_firmware meraki_vmx_firmware meraki_mx600_firmware meraki_mx450_firmware meraki_mx400_firmware meraki_mx25… | Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS cond… | Update | CWE-787 Out-of-bounds Write | CVE-2024-20499 | 2024-10-9 02:45 | 2024-10-3
255 | 7.5 | HIGH Network | cisco | meraki_z4c_firmware meraki_z4_firmware meraki_z3c_firmware meraki_z3_firmware meraki_vmx_firmware meraki_mx600_firmware meraki_mx450_firmware meraki_mx400_firmware meraki_mx25… | A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in … | Update | CWE-400 Uncontrolled Resource Consumption | CVE-2024-20500 | 2024-10-9 02:37 | 2024-10-3
256 | 7.8 | HIGH Local | atlassian | confluence_data_center confluence_server | Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Conflu… | Update | CWE-427 Uncontrolled Search Path Element | CVE-2021-43940 | 2024-10-9 02:35 | 2022-02-15
257 | 5.3 | MEDIUM Network | - | - | A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is … | New | CWE-444 HTTP Request Smuggling | CVE-2024-9622 | 2024-10-9 02:15 | 2024-10-9
258 | 5.3 | MEDIUM Network | - | - | A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configura… | New | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2024-9621 | 2024-10-9 02:15 | 2024-10-9
259 | 5.3 | MEDIUM Network | - | - | A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerabili… | New | - | CVE-2024-9620 | 2024-10-9 02:15 | 2024-10-9
260 | - | | - | - | Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. | New | - | CVE-2024-9381 | 2024-10-9 02:15 | 2024-10-9