|
491
|
7.5 |
HIGH
Network
connect2id
|
nimbus_jose\+jwt
|
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PB…
Update
|
NVD-CWE-noinfo
|
CVE-2023-52428
|
2024-10-31 05:35 |
2024-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
492
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: BPF: Prevent out-of-bounds memory access
The test_tag test triggers an unhandled page fault:
# ./test_tag
[ 130.…
Update
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2024-26588
|
2024-10-31 05:35 |
2024-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
493
|
7.5 |
HIGH
Network
totolink
|
x5000r_firmware
a7000r_firmware
|
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. This vulnerability allows attackers to …
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2023-45985
|
2024-10-31 05:35 |
2023-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
494
|
7.5 |
HIGH
Network
dericia
|
delicia
|
An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp DELICIA function.
Update
|
NVD-CWE-noinfo
|
CVE-2023-31824
|
2024-10-31 05:35 |
2023-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
495
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix a race condition between btf_put() and map_free()
When running `./test_progs -j` in my local vm with latest kernel,
I on…
Update
|
CWE-416
Use After Free
|
CVE-2023-52446
|
2024-10-31 05:35 |
2024-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
496
|
4.1 |
MEDIUM
Network
|
solarwinds
|
serv-u
|
Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-45714
|
2024-10-31 05:33 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
497
|
4.9 |
MEDIUM
Network
|
topdata
|
inner_rep_plus
|
A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been rated as problematic. Affected by this issue is some unknown functionality of the file td.js.gz. The manipulation leads…
Update
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2024-10128
|
2024-10-31 05:31 |
2024-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
498
|
6.1 |
MEDIUM
Network
|
sunburntkamel
|
disconnected
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sunburntkamel disconnected allows Reflected XSS.This issue affects disconnected: from n/a …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-49268
|
2024-10-31 05:30 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
499
|
5.4 |
MEDIUM
Network
|
booking
|
banner_creator
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Partnerships at Booking.Com Booking.Com Banner Creator allows Stored XSS.This issue affect…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-49265
|
2024-10-31 05:29 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
500
|
9.8 |
CRITICAL
Network
riskengine
|
radar
|
A vulnerability has been found in wfh45678 Radar up to 1.0.8 and classified as critical. This vulnerability affects unknown code of the file /services/v1/common/upload. The manipulation of the argume…
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-10120
|
2024-10-31 05:20 |
2024-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
