|
317271
|
5.4 |
MEDIUM
Network
|
piotnet
|
piotnet_addons
|
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to,…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5502
|
2024-09-13 06:05 |
2024-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317272
|
4.9 |
MEDIUM
Network
|
continew
|
continew_admin
|
A vulnerability was found in ContiNew Admin 3.2.0 and classified as critical. Affected by this issue is the function top.continew.starter.extension.crud.controller.BaseController#page of the file /ap…
|
CWE-89
SQL Injection
|
CVE-2024-8150
|
2024-09-13 06:01 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317273
|
6.5 |
MEDIUM
Network
|
9front
|
lib9p
|
A bug in the 9p authentication implementation within lib9p allows an attacker with an existing valid user within the configured auth server to impersonate any other valid filesystem user.
This is du…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-8158
|
2024-09-13 06:00 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317274
|
9.8 |
CRITICAL
Network
|
hillstonenet
|
web_application_firewall
|
Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firew…
|
CWE-77
Command Injection
|
CVE-2024-8073
|
2024-09-13 05:58 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317275
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix null ptr deref in dtInsertEntry
[syzbot reported]
general protection fault, probably for non-canonical address 0xdffffc0…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-44939
|
2024-09-13 05:58 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317276
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to cover read extent cache access with lock
syzbot reports a f2fs bug as below:
BUG: KASAN: slab-use-after-free in san…
|
CWE-416
Use After Free
|
CVE-2024-44941
|
2024-09-13 05:57 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317277
|
7.5 |
HIGH
Network
|
dfinity
|
canister_developer_kit_for_the_internet_computer
|
When a canister method is called via ic_cdk::call* , a new Future CallFuture is created and can be awaited by the caller to get the execution result. Internally, the state of the Future is tracked a…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2024-7884
|
2024-09-13 05:47 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317278
|
8.8 |
HIGH
Network
|
mitel
|
mivoice_mx-one
|
The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 SP1 could allow an authenticated attacker to conduct an authentication bypass attack due to improper access control. A successfu…
|
NVD-CWE-noinfo
|
CVE-2024-36446
|
2024-09-13 05:47 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317279
|
4.3 |
MEDIUM
Network
|
imagerecycle
|
imagerecycle_pdf_\&_image_compression
|
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and i…
|
CWE-862
Missing Authorization
|
CVE-2024-6631
|
2024-09-13 05:39 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317280
|
- |
|
-
|
-
|
The Floating Contact Button WordPress plugin before 2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks…
|
-
|
CVE-2024-7891
|
2024-09-13 05:35 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
