201 | 5.4 | MEDIUM Network | chartjs_project | chartjs | The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even… | Update | CWE-79 Cross-site Scripting | CVE-2023-6081 | 2024-10-9 23:57 | 2024-02-13
202 | 5.5 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix RX buf alloc_size alignment and atomic op panic The MANA driver's RX buffer alloc_size is passed into napi_build_s… | Update | NVD-CWE-noinfo | CVE-2024-45001 | 2024-10-9 23:49 | 2024-09-5
203 | 7.5 | HIGH Network | lunary | lunary | In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism where the reset password token is not invalidated after use. This allows an attacker who compromises the r… | Update | CWE-640 Weak Password Recovery Mechanism for Forgotten Password | CVE-2024-5277 | 2024-10-9 23:49 | 2024-06-7
204 | 9.8 | CRITICAL Network | juniper | junos | An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote… | Update | CWE-787 Out-of-bounds Write | CVE-2024-21591 | 2024-10-9 23:47 | 2024-01-12
205 | 7.8 | HIGH Local | linux redhat | linux_kernel enterprise_linux codeready_linux_builder enterprise_linux_for_real_time enterprise_linux_for_real_time_for_nfv enterprise_linux_server_tus enterprise_linux_eus enter… | The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surfa… | Update | CWE-416 Use After Free | CVE-2023-5633 | 2024-10-9 23:43 | 2023-10-24
206 | 9.8 | CRITICAL Network | oracle canonical debian netapp apache redhat suse opensuse | jrockit linux jdk jre ubuntu_linux debian_linux oncommand_balance oncommand_workflow_automation oncommand_insight virtual_storage_console e-series_santricity_storage_man… | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vector… | Update | NVD-CWE-noinfo | CVE-2016-3427 | 2024-10-9 23:41 | 2016-04-21
207 | 7.8 | HIGH Local | microsoft | windows_defender security_essentials system_center_endpoint_protection | Microsoft Defender Remote Code Execution Vulnerability | Update | NVD-CWE-noinfo | CVE-2021-1647 | 2024-10-9 23:40 | 2021-01-13
208 | 5.5 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: tcp: prevent concurrent execution of tcp_sk_exit_batch It's possible that two threads call tcp_sk_exit_batch() concurrently, once … | Update | NVD-CWE-noinfo | CVE-2024-44991 | 2024-10-9 23:36 | 2024-09-5
209 | - | | - | - | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), Improper Input Validation vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parame… | New | CWE-20 CWE-89 Improper Input Validation SQL Injection | CVE-2024-9286 | 2024-10-9 23:35 | 2024-10-9
210 | - | | - | - | Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version … | New | CWE-611 XXE | CVE-2024-28168 | 2024-10-9 23:35 | 2024-10-9