101 | 6.1 | MEDIUM / Network | ylefebvre | link_library | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library link-library allows Reflected XSS. This issue affects Link Li… | Update | CWE-79 Cross-site Scripting | CVE-2024-35687 | 2024-10-11 01:59 | 2024-06-9
102 | 4.8 | MEDIUM / Network | ylefebvre | link_library | The Link Library WordPress plugin before 7.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks e… | Update | - | CVE-2022-4199 | 2024-10-11 01:59 | 2023-01-17
103 | 7.5 | HIGH / Network | ylefebvre | link_library | The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request | Update | CWE-862 Missing Authorization | CVE-2021-25093 | 2024-10-11 01:59 | 2022-02-1
104 | 6.5 | MEDIUM / Network | ylefebvre | link_library | The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arbitrary settings via a CSRF attack | Update | CWE-352 Origin Validation Error | CVE-2021-25092 | 2024-10-11 01:59 | 2022-02-1
105 | 6.1 | MEDIUM / Network | ylefebvre | link_library | The Link Library WordPress plugin before 7.2.9 does not sanitise and escape the settingscopy parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | Update | CWE-79 Cross-site Scripting | CVE-2021-25091 | 2024-10-11 01:59 | 2022-02-1
106 | 5.5 | MEDIUM / Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT. Remove the dma_unmap_page_attrs() call in the driver's XDP_REDIRECT code path.… | Update | NVD-CWE-noinfo | CVE-2024-44984 | 2024-10-11 01:48 | 2024-09-5
107 | 5.5 | MEDIUM / Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix out-of-bound access. If an ATU violation was caused by a CPU Load operation, the SPID could be larger tha… | Update | NVD-CWE-noinfo | CVE-2024-44988 | 2024-10-11 01:44 | 2024-09-5
108 | - | | - | - | Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committe… | New | - | CVE-2024-35202 | 2024-10-11 01:35 | 2024-10-10
109 | 6.7 | MEDIUM / Local | linuxfoundation rdkcentral google openwrt | yocto rdk-b android openwrt | In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed… | Update | CWE-787 Out-of-bounds Write | CVE-2023-20831 | 2024-10-11 01:35 | 2023-09-4
110 | 6.7 | MEDIUM / Local | linuxfoundation rdkcentral google openwrt | yocto rdk-b android openwrt | In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed… | Update | CWE-787 Out-of-bounds Write | CVE-2023-20830 | 2024-10-11 01:35 | 2023-09-4