271 | 6.5 | MEDIUM | Network | lunary | lunary | An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allows an authenticated user to update other users' p… | New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2024-7473 | 2024-11-1 00:11 | 2024-10-29
272 | 4.3 | MEDIUM | Network | rockoa | xinhu | RockOA v2.6.5 is vulnerable to Directory Traversal in webmain/system/beifen/beifenAction.php. | Update | CWE-22 Path Traversal | CVE-2024-48213 | 2024-11-1 00:09 | 2024-10-24
273 | 7.5 | HIGH | Network | mozilla | thunderbird firefox | A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, T… | New | NVD-CWE-noinfo | CVE-2024-10458 | 2024-11-1 00:03 | 2024-10-29
274 | 5.5 | MEDIUM | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: vrf: revert "vrf: Remove unnecessary RCU-bh critical section" This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853. dev_… | Update | CWE-667 Improper Locking | CVE-2024-49980 | 2024-10-31 23:58 | 2024-10-22
275 | 5.5 | MEDIUM | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix PCI device refcount leak in has_external_pci() for_each_pci_dev() is implemented by pci_get_device(). The comment… | Update | NVD-CWE-Other | CVE-2022-49000 | 2024-10-31 23:56 | 2024-10-22
276 | 6.1 | MEDIUM | Network | foxskav | bet_wc_2018_russia | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Foxskav Bet WC 2018 Russia allows Reflected XSS. This issue affects Bet WC 2018 Russia: fro… | New | CWE-79 Cross-site Scripting | CVE-2024-49637 | 2024-10-31 23:52 | 2024-10-29
277 | 6.1 | MEDIUM | Network | prashantmavinkurve | agile_video_player_lite | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Prashant Mavinkurve Agile Video Player Lite allows Reflected XSS. This issue affects Agile … | New | CWE-79 Cross-site Scripting | CVE-2024-49636 | 2024-10-31 23:51 | 2024-10-29
278 | 4.3 | MEDIUM | Network | hitachienergy | tro610_firmware tro620_firmware tro670_firmware | Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. … | New | CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer | CVE-2024-41156 | 2024-10-31 23:49 | 2024-10-29
279 | 7.1 | HIGH | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference Gwangun Jung reported a slab-out-of-bounds … | Update | CWE-125 Out-of-bounds Read | CVE-2022-48999 | 2024-10-31 23:44 | 2024-10-22
280 | 7.2 | HIGH | Network | hitachienergy | tro610_firmware tro620_firmware tro670_firmware | Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the we… | New | CWE-77 Command Injection | CVE-2024-41153 | 2024-10-31 23:37 | 2024-10-29