1111 | 8.8 | HIGH | Network | google fedoraproject debian | chrome fedora debian_linux | Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | Update | CWE-416 Use After Free | CVE-2023-1818 | 2024-10-8 04:36 | 2023-04-5
1112 | 8.8 | HIGH | Network | atlassian | confluence_server confluence_data_center | Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands … | Update | CWE-94 Code Injection | CVE-2021-39114 | 2024-10-8 04:36 | 2022-04-5
1113 | 9.8 | CRITICAL | Network | atlassian | crucible fisheye | Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials as rest resources did not check if users were beyond their max faile… | Update | CWE-307 Improper Restriction of Excessive Authentication Attempts | CVE-2021-43958 | 2024-10-8 04:36 | 2022-03-16
1114 | 7.5 | HIGH | Network | atlassian | crucible fisheye | Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the … | Update | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2021-43957 | 2024-10-8 04:36 | 2022-03-16
1115 | 7.2 | HIGH | Network | atlassian | jira_server jira_data_center | This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center al… | Update | CWE-94 Code Injection | CVE-2021-43944 | 2024-10-8 04:36 | 2022-03-8
1116 | 6.5 | MEDIUM | Adjacent | gotenna | gotenna | In the goTenna Pro ATAK Plugin there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing gotenna mesh network… | Update | NVD-CWE-Other | CVE-2024-41722 | 2024-10-8 04:35 | 2024-09-27
1117 | 6.5 | MEDIUM | Adjacent | gotenna | gotenna | In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an att… | Update | CWE-922 Insecure Storage of Sensitive Information | CVE-2024-45374 | 2024-10-8 04:27 | 2024-09-27
1118 | 5.4 | MEDIUM | Network | connekthq | ajax_load_more | The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_label’ parameter in all versions up to, and including, 7.1.2 due to in… | Update | CWE-79 Cross-site Scripting | CVE-2024-8505 | 2024-10-8 04:26 | 2024-10-2
1119 | 6.1 | MEDIUM | Network | goldplugins | custom_banners | The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3… | Update | CWE-79 Cross-site Scripting | CVE-2024-8799 | 2024-10-8 04:22 | 2024-10-1
1120 | 6.1 | MEDIUM | Network | cornelraiu | wp_search_analytics | The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includi… | Update | CWE-79 Cross-site Scripting | CVE-2024-9209 | 2024-10-8 04:20 | 2024-10-1