1941
|
6.5 |
MEDIUM
Network
|
eclipse
|
jetty
|
Jetty PushSessionCacheFilter can be exploited by unauthenticated users
to launch remote DoS attacks by exhausting the server’s memory.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-6762
|
2024-11-9 06:29 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1942
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too
Stuart Hayhurst has found that both at bootup and fullscreen VA-API vide…
|
NVD-CWE-noinfo
|
CVE-2024-50108
|
2024-11-9 06:28 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1943
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
platform/x86/intel/pmc: Fix pmc_core_iounmap to call iounmap for valid addresses
Commit 50c6dbdfd16e ("x86/ioremap: Improve iounm…
|
NVD-CWE-noinfo
|
CVE-2024-50107
|
2024-11-9 06:27 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1944
|
9.8 |
CRITICAL
Network
sunshinephotocart
|
sunshine_photo_cart
|
Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through…
|
CWE-862
Missing Authorization
|
CVE-2024-44038
|
2024-11-9 06:26 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1945
|
8.8 |
HIGH
Network
|
beardev
|
joomsport
|
Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JoomSport: from n/a through 5.6.3.
|
CWE-862
Missing Authorization
|
CVE-2024-44031
|
2024-11-9 06:26 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1946
|
7.2 |
HIGH
Network
|
netgear
|
ex3700_firmware
|
Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 a…
|
CWE-77
Command Injection
|
CVE-2024-35522
|
2024-11-9 06:25 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1947
|
8.8 |
HIGH
Network
|
helloasso
|
helloasso
|
Missing Authorization vulnerability in HelloAsso allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HelloAsso: from n/a through 1.1.10.
|
CWE-862
Missing Authorization
|
CVE-2024-44052
|
2024-11-9 06:24 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1948
|
7.2 |
HIGH
Network
|
netgear
|
xr1000_firmware
|
Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter.
|
CWE-77
Command Injection
|
CVE-2024-35517
|
2024-11-9 06:24 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1949
|
7.5 |
HIGH
Network
everestthemes
|
everest_backup
|
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via …
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2024-10028
|
2024-11-9 06:21 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1950
|
6.1 |
MEDIUM
Network
|
westguardsolutions
|
ws_form
|
The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping …
|
CWE-79
Cross-site Scripting
|
CVE-2024-10647
|
2024-11-9 06:20 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|