681
|
5.4 |
MEDIUM
Network
|
wpdeveloper
|
essential_addons_for_elementor
|
The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eael_lightbox_open_btn_icon’ parameter within the Lightbox & Modal widget in all vers…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-5612
|
2024-10-30 03:05 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
682
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
afs: Fix the setting of the server responding flag
In afs_wait_for_operation(), we set transcribe the call responded flag to
the …
Update
|
NVD-CWE-noinfo
|
CVE-2024-49999
|
2024-10-30 03:03 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
683
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: gso: fix tcp fraglist segmentation after pull from frag_list
Detect tcp gso fraglist skbs with corrupted geometry (see below…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-49979
|
2024-10-30 03:02 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
684
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
gso: fix udp gso fraglist segmentation after pull from frag_list
Detect gso fraglist skbs with corrupted geometry (see below) and…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-49978
|
2024-10-30 03:01 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
685
|
4.3 |
MEDIUM
Network
|
wpchill
|
strong_testimonials
|
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and …
Update
|
CWE-862
Missing Authorization
|
CVE-2023-6491
|
2024-10-30 02:59 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
686
|
5.4 |
MEDIUM
Network
|
logichunt
|
logo_slider
|
The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role an…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-3288
|
2024-10-30 02:52 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
687
|
5.8 |
MEDIUM
Network
cisco
|
firepower_threat_defense_software adaptive_security_appliance_software
|
A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote a…
Update
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2024-20481
|
2024-10-30 02:47 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
688
|
9.6 |
CRITICAL
Network
|
apple
|
ipados iphone_os
|
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox.
New
|
NVD-CWE-noinfo
|
CVE-2024-40867
|
2024-10-30 02:41 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
689
|
8.8 |
HIGH
Local
|
apple
|
macos
|
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. An application may be able to break out of its sandbox.
New
|
NVD-CWE-noinfo
|
CVE-2024-44122
|
2024-10-30 02:38 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
690
|
5.5 |
MEDIUM
Local
|
hp
|
oneview
|
This vulnerability could be exploited, leading to unauthorized disclosure of information to authenticated users.
Update
|
NVD-CWE-noinfo
|
CVE-2024-42508
|
2024-10-30 02:38 |
2024-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|