|
312781
|
4.3 |
MEDIUM
Network
|
ngothang
|
wp_multitasking
|
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating welcome popups, which could allow attackers to make logged admins perform such action via a CSRF attack
|
CWE-352
Origin Validation Error
|
CVE-2024-6853
|
2024-09-12 01:22 |
2024-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312782
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/virtio: Fix GEM handle creation UAF
Userspace can guess the handle value and try to race GEM object creation
with handle clos…
|
CWE-416
Use After Free
|
CVE-2022-48899
|
2024-09-12 01:22 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312783
|
4.3 |
MEDIUM
Network
|
ngothang
|
wp_multitasking
|
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating exit popups, which could allow attackers to make logged admins perform such action via a CSRF attack
|
CWE-352
Origin Validation Error
|
CVE-2024-6855
|
2024-09-12 01:21 |
2024-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312784
|
4.3 |
MEDIUM
Network
|
ngothang
|
wp_multitasking
|
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
|
CWE-352
Origin Validation Error
|
CVE-2024-6856
|
2024-09-12 01:20 |
2024-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312785
|
5.4 |
MEDIUM
Network
|
ngothang
|
wp_multitasking
|
The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6859
|
2024-09-12 01:19 |
2024-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312786
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer
There are 3 possible interrupt sources are handle…
|
CWE-362
Race Condition
|
CVE-2022-48898
|
2024-09-12 01:19 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312787
|
9.8 |
CRITICAL
Network
|
themetechmount
|
truebooker
|
The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a …
|
CWE-89
SQL Injection
|
CVE-2024-6924
|
2024-09-12 01:15 |
2024-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312788
|
4.3 |
MEDIUM
Network
|
themetechmount
|
truebooker
|
The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
|
CWE-352
Origin Validation Error
|
CVE-2024-6925
|
2024-09-12 01:12 |
2024-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312789
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
arm64/mm: fix incorrect file_map_count for invalid pmd
The page table check trigger BUG_ON() unexpectedly when split hugepage:
…
|
NVD-CWE-noinfo
|
CVE-2022-48897
|
2024-09-12 01:10 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312790
|
9.8 |
CRITICAL
Network
|
angeljudesuarez
|
tailoring_management_system
|
A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /inccatadd.php. The manipulation…
|
CWE-89
SQL Injection
|
CVE-2024-8570
|
2024-09-12 01:07 |
2024-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
