371
|
2.4 |
LOW
Physics
|
apple
|
ipados iphone_os
|
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker with physical access may be able to access contact photos from…
New
|
NVD-CWE-noinfo
|
CVE-2024-40851
|
2024-10-31 00:35 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
372
|
- |
|
-
|
-
|
An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0 and Tapo P125M 1.0.0 Build 220930 Rel.143947 allows attackers to observe device state via observing ne…
Update
|
-
|
CVE-2024-35495
|
2024-10-31 00:35 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
373
|
7.5 |
HIGH
Network
mozilla
|
firefox
|
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and T…
Update
|
NVD-CWE-noinfo
|
CVE-2024-8900
|
2024-10-31 00:35 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
374
|
- |
|
-
|
-
|
The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors.
Update
|
-
|
CVE-2024-40743
|
2024-10-31 00:35 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
375
|
- |
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments sect…
Update
|
-
|
CVE-2024-25837
|
2024-10-31 00:35 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
376
|
4.4 |
MEDIUM
Local
|
apple
|
macos
|
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be able to bypass sensi…
Update
|
NVD-CWE-noinfo
|
CVE-2024-40834
|
2024-10-31 00:35 |
2024-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
377
|
6.5 |
MEDIUM
Network
|
apple
|
ipados iphone_os macos watchos tvos visionos safari
|
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionO…
Update
|
NVD-CWE-noinfo
|
CVE-2024-40789
|
2024-10-31 00:35 |
2024-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
378
|
6.5 |
MEDIUM
Network
|
openstack
|
nova
|
In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a desc…
Update
|
NVD-CWE-noinfo
|
CVE-2024-40767
|
2024-10-31 00:35 |
2024-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
379
|
- |
|
-
|
-
|
NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one sc…
Update
|
-
|
CVE-2022-29946
|
2024-10-31 00:35 |
2024-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
380
|
5.5 |
MEDIUM
Local
|
jungo mitsubishielectric
|
windriver cpu_module_logging_configuration_tool cw_configurator data_transfer ezsocket fr_configurator_sw3 fr_configurator2 gt_got1000 gt_got2000 gt_softgot1000 gt_softg…
|
Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.7.0 allows local attackers to cause a Windows blue screen error.
Update
|
NVD-CWE-noinfo
|
CVE-2024-25087
|
2024-10-31 00:35 |
2024-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|