|
312011
|
- |
|
-
|
-
|
cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component.
|
-
|
CVE-2024-34831
|
2024-09-12 01:26 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312012
|
6.5 |
MEDIUM
Network
|
mozilla
|
thunderbird
|
When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2.
|
CWE-416
Use After Free
|
CVE-2024-8394
|
2024-09-12 01:25 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312013
|
8.8 |
HIGH
Network
|
draytek
|
vigor3900_firmware
|
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.
|
CWE-78
OS Command
|
CVE-2024-44845
|
2024-09-12 01:24 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312014
|
8.8 |
HIGH
Network
|
draytek
|
vigor3900_firmware
|
DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.
|
CWE-78
OS Command
|
CVE-2024-44844
|
2024-09-12 01:24 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312015
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
gsmi: fix null-deref in gsmi_get_variable
We can get EFI variables without fetching the attribute, so we must
allow for that in g…
|
CWE-476
NULL Pointer Dereference
|
CVE-2023-52893
|
2024-09-12 01:24 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312016
|
4.3 |
MEDIUM
Network
|
ngothang
|
wp_multitasking
|
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
|
CWE-352
Origin Validation Error
|
CVE-2024-6852
|
2024-09-12 01:23 |
2024-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312017
|
4.3 |
MEDIUM
Network
|
ngothang
|
wp_multitasking
|
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating welcome popups, which could allow attackers to make logged admins perform such action via a CSRF attack
|
CWE-352
Origin Validation Error
|
CVE-2024-6853
|
2024-09-12 01:22 |
2024-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312018
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/virtio: Fix GEM handle creation UAF
Userspace can guess the handle value and try to race GEM object creation
with handle clos…
|
CWE-416
Use After Free
|
CVE-2022-48899
|
2024-09-12 01:22 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312019
|
4.3 |
MEDIUM
Network
|
ngothang
|
wp_multitasking
|
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating exit popups, which could allow attackers to make logged admins perform such action via a CSRF attack
|
CWE-352
Origin Validation Error
|
CVE-2024-6855
|
2024-09-12 01:21 |
2024-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312020
|
4.3 |
MEDIUM
Network
|
ngothang
|
wp_multitasking
|
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
|
CWE-352
Origin Validation Error
|
CVE-2024-6856
|
2024-09-12 01:20 |
2024-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
