|
313321
|
8.8 |
HIGH
Network
|
newsignature
|
wp_easy_post_types
|
The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the 'ajax…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-10079
|
2024-10-23 01:27 |
2024-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313322
|
7.4 |
HIGH
Network
|
bitdefender
|
total_security
|
A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates.…
|
CWE-295
Improper Certificate Validation
|
CVE-2023-49570
|
2024-10-23 01:26 |
2024-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313323
|
9.8 |
CRITICAL
Network
|
hikvision
|
hikcentral_master
|
There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could build malicious data to generate executable commands in the CSV file.
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2024-47485
|
2024-10-23 01:23 |
2024-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313324
|
5.4 |
MEDIUM
Network
|
gurieveugen\&vitaliyshebela
|
branding
|
The Branding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escapin…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9452
|
2024-10-23 01:23 |
2024-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313325
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to check atomic_file in f2fs ioctl interfaces
Some f2fs ioctl interfaces like f2fs_ioc_set_pin_file(),
f2fs_move_file_r…
|
CWE-362
Race Condition
|
CVE-2024-49859
|
2024-10-23 01:13 |
2024-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313326
|
7.0 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nbd: fix race between timeout and normal completion
If request timetout is handled by nbd_requeue_cmd(), normal completion
has to…
|
CWE-416
Use After Free
|
CVE-2024-49855
|
2024-10-23 01:12 |
2024-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313327
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos
In case of malformed relocation record of kind BPF_CORE_TYPE_ID_LOCA…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-49850
|
2024-10-23 01:12 |
2024-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313328
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway
Syzbot reports a UAF in hugetlb_fault(). This happens because
vmf_anon_pre…
|
CWE-416
Use After Free
|
CVE-2024-47676
|
2024-10-23 01:12 |
2024-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313329
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
media: mediatek: vcodec: Fix H264 stateless decoder smatch warning
Fix a smatch static checker warning on vdec_h264_req_if.c.
Whi…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-47752
|
2024-10-23 01:11 |
2024-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313330
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning
Fix a smatch static checker warning on vdec_vp8_req_if.c.
Which…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-47753
|
2024-10-23 01:10 |
2024-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
