|
315941
|
7.2 |
HIGH
Network
|
theeventscalendar
|
events_calendar_pro
|
The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in w…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-8016
|
2024-09-3 23:51 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315942
|
6.3 |
MEDIUM
Network
|
tutorlms
|
tutor_lms_pro
|
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized administrative actions execution due to a missing capability checks on multiple functions like treport_quiz_atttempt_delete and t…
|
CWE-862
Missing Authorization
|
CVE-2024-5784
|
2024-09-3 23:48 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315943
|
4.3 |
MEDIUM
Network
|
themeific
|
tourfic
|
The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20. This is due to missing or incorrect nonce validation on the tf_order_status…
|
CWE-352
Origin Validation Error
|
CVE-2024-8319
|
2024-09-3 23:43 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315944
|
5.4 |
MEDIUM
Network
|
wpvibes
|
elementor_addon_elements
|
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.13.6 due to insufficient input sanitization…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7122
|
2024-09-3 23:41 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315945
|
- |
|
-
|
-
|
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make imp…
|
-
|
CVE-2024-3655
|
2024-09-3 23:35 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315946
|
6.3 |
MEDIUM
Network
|
maxfoundry
|
media_library_folders
|
The Media Library Folders plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several AJAX functions in the media-library-plus.php file in all versions up to…
|
CWE-862
Missing Authorization
|
CVE-2024-7858
|
2024-09-3 23:34 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315947
|
8.8 |
HIGH
Network
|
codection
|
clean_login
|
The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes …
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2024-8252
|
2024-09-3 23:31 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315948
|
6.1 |
MEDIUM
Network
|
wpbookingcalendar
|
wp_booking_calendar
|
The WP Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via several parameters from 'timeline_obj' in all versions up to, and including, 10.5 due to insufficient …
|
CWE-79
Cross-site Scripting
|
CVE-2024-8274
|
2024-09-3 23:28 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315949
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
sched: Fix yet more sched_fork() races
Where commit 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an
invalid sched_task_gr…
|
NVD-CWE-noinfo
|
CVE-2022-48944
|
2024-09-3 23:26 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315950
|
9.8 |
CRITICAL
Network
|
openrapid
|
rapidcms
|
A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been classified as critical. This affects an unknown part of the file /admin/user/user-move-run.php. The manipulation of the argume…
|
CWE-89
SQL Injection
|
CVE-2024-8331
|
2024-09-3 23:25 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
