| # | CVSS | Severity | Attack vector | Vendor | Product | Description | Status | CWE | CVE | Updated | Published |
|---|------|----------|---------------|--------|---------|-------------|--------|-----|-----|---------|-----------|
| 1 | - | - | - | - | - | HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable. | New | - | CVE-2024-30149 | 2024-10-31 18:15 | 2024-10-31 |
| 2 | 8.8 | HIGH | Network | google | chrome | Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Update | CWE-843 Type Confusion | CVE-2024-10230 | 2024-10-31 17:35 | 2024-10-23 |
| 3 | 6.1 | MEDIUM | Network | hms-networks | ewon_cosy+_firmware | Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to XSS when displaying the logs due to improper input sanitization. This is fixed in version 21.2s10… | Update | CWE-79 Cross-site Scripting | CVE-2024-33893 | 2024-10-31 17:35 | 2024-08-3 |
| 4 | 7.8 | HIGH | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_locat… | Update | CWE-416 Use After Free | CVE-2024-38588 | 2024-10-31 17:35 | 2024-06-19 |
| 5 | 6.4 | MEDIUM | Network | - | - | The WP Simple Anchors Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpanchor shortcode in all versions up to, and including, 1.0.0 due to insufficient input… | New | CWE-79 Cross-site Scripting | CVE-2024-9446 | 2024-10-31 16:15 | 2024-10-31 |
| 6 | 6.1 | MEDIUM | Network | - | - | The WPGlobus Translate Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on th… | New | - | CVE-2024-9434 | 2024-10-31 16:15 | 2024-10-31 |
| 7 | 5.3 | MEDIUM | Network | - | - | The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the ct_tepfw_wp_loaded fun… | New | CWE-306 Missing Authentication for Critical Function | CVE-2024-9430 | 2024-10-31 16:15 | 2024-10-31 |
| 8 | 6.4 | MEDIUM | Network | - | - | The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.4.4 … | New | CWE-79 Cross-site Scripting | CVE-2024-9165 | 2024-10-31 16:15 | 2024-10-31 |
| 9 | 5.3 | MEDIUM | Network | - | - | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the sub… | New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2024-9700 | 2024-10-31 15:15 | 2024-10-31 |
| 10 | 9.8 | CRITICAL | Network | - | - | The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and includ… | New | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-10392 | 2024-10-31 15:15 | 2024-10-31 |