|
312201
|
8.1 |
HIGH
Network
|
bitapps
|
file_manager
|
The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessi…
|
CWE-362
Race Condition
|
CVE-2024-7627
|
2024-09-12 01:31 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312202
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
io_uring/poll: don't reissue in case of poll race on multishot request
A previous commit fixed a poll race that can occur, but it…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2023-52895
|
2024-09-12 01:31 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312203
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()
In Google internal bug 265639009 we've received an (as yet) unr…
|
CWE-476
NULL Pointer Dereference
|
CVE-2023-52894
|
2024-09-12 01:27 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312204
|
- |
|
-
|
-
|
An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authent…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2024-45327
|
2024-09-12 01:26 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312205
|
- |
|
-
|
-
|
A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or director…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2024-8655
|
2024-09-12 01:26 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312206
|
- |
|
-
|
-
|
SpiderControl SCADA Web Server has a vulnerability that could allow an
attacker to upload specially crafted malicious files without
authentication.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-8232
|
2024-09-12 01:26 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312207
|
- |
|
-
|
-
|
Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authenticatio…
|
CWE-524
Use of Cache Containing Sensitive Information
|
CVE-2024-45596
|
2024-09-12 01:26 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312208
|
- |
|
-
|
-
|
cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component.
|
-
|
CVE-2024-34831
|
2024-09-12 01:26 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312209
|
6.5 |
MEDIUM
Network
|
mozilla
|
thunderbird
|
When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2.
|
CWE-416
Use After Free
|
CVE-2024-8394
|
2024-09-12 01:25 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312210
|
8.8 |
HIGH
Network
|
draytek
|
vigor3900_firmware
|
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.
|
CWE-78
OS Command
|
CVE-2024-44845
|
2024-09-12 01:24 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
