|
312001
|
4.7 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix race between quota rescan and disable leading to NULL pointer deref
If we have one task trying to start the quota resc…
|
CWE-476
NULL Pointer Dereference
|
CVE-2023-52896
|
2024-09-12 01:37 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312002
|
5.4 |
MEDIUM
Network
|
share-this-image
|
share_this_image
|
The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STI Buttons shortcode in all versions up to, and including, 2.02 due to insufficient input sani…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8363
|
2024-09-12 01:35 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312003
|
5.3 |
MEDIUM
Network
|
ivorysearch
|
ivory_search
|
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function. This makes it possi…
|
NVD-CWE-noinfo
|
CVE-2024-6835
|
2024-09-12 01:32 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312004
|
8.1 |
HIGH
Network
|
bitapps
|
file_manager
|
The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessi…
|
CWE-362
Race Condition
|
CVE-2024-7627
|
2024-09-12 01:31 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312005
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
io_uring/poll: don't reissue in case of poll race on multishot request
A previous commit fixed a poll race that can occur, but it…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2023-52895
|
2024-09-12 01:31 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312006
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()
In Google internal bug 265639009 we've received an (as yet) unr…
|
CWE-476
NULL Pointer Dereference
|
CVE-2023-52894
|
2024-09-12 01:27 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312007
|
- |
|
-
|
-
|
An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authent…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2024-45327
|
2024-09-12 01:26 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312008
|
- |
|
-
|
-
|
A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or director…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2024-8655
|
2024-09-12 01:26 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312009
|
- |
|
-
|
-
|
SpiderControl SCADA Web Server has a vulnerability that could allow an
attacker to upload specially crafted malicious files without
authentication.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-8232
|
2024-09-12 01:26 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312010
|
- |
|
-
|
-
|
Directus is a real-time API and App dashboard for managing SQL database content. An unauthenticated user can access credentials of last authenticated user via OpenID or OAuth2 where the authenticatio…
|
CWE-524
Use of Cache Containing Sensitive Information
|
CVE-2024-45596
|
2024-09-12 01:26 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
