| 312221 | 5.3 | MEDIUM Network | gitlab | gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. An AI feature was found to read unsaniti… | CWE-116 Improper Encoding or Escaping of Output | CVE-2024-4099 | 2024-10-5 02:33 | 2024-09-27 |
| 312222 | 4.3 | MEDIUM Network | gitlab | gitlab | Information disclosure in GitLab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an unauth… | CWE-863 Incorrect Authorization | CVE-2024-8974 | 2024-10-5 02:30 | 2024-09-27 |
| 312223 | 7.5 | HIGH Network | ays-pro | chatgpt_assistant | The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the OpenAI API key, allowing unauthenticated users to obtain it. | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2024-7713 | 2024-10-5 02:28 | 2024-09-27 |
| 312224 | 7.8 | HIGH Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check msg_id before processing transcation [WHY & HOW] HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is… | CWE-129 Improper Validation of Array Index | CVE-2024-46814 | 2024-10-5 02:27 | 2024-09-27 |
| 312225 | 7.8 | HIGH Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check gpio_id before used as array index [WHY & HOW] GPIO_ID_UNKNOWN (-1) is not a valid value for array index a… | CWE-129 Improper Validation of Array Index | CVE-2024-46818 | 2024-10-5 02:18 | 2024-09-27 |
| 312226 | 7.2 | HIGH Network | givewp | givewp | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.16.1 due to insu… | CWE-89 SQL Injection | CVE-2024-9130 | 2024-10-5 02:18 | 2024-09-27 |
| 312227 | 9.8 | CRITICAL Network | tendacn | g3_firmware | Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. | CWE-78 OS Command | CVE-2024-46628 | 2024-10-5 02:18 | 2024-09-27 |
| 312228 | 6.1 | MEDIUM Network | ninjaforms | ninja_forms | The Ninja Forms WordPress plugin before 3.8.11 does not escape a URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privileg… | CWE-79 Cross-site Scripting | CVE-2024-7354 | 2024-10-5 02:16 | 2024-09-2 |
| 312229 | 6.1 | MEDIUM Network | projectcaruso | flaming_forms | The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators. | CWE-79 Cross-site Scripting | CVE-2024-7691 | 2024-10-5 02:15 | 2024-09-2 |
| 312230 | 7.5 | HIGH Network | oceanicsoft | valeapp | Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, JSON Hijacking (aka JavaScript Hijacking). This issue affects ValeApp: … | CWE-312 Cleartext Storage of Sensitive Information | CVE-2024-8644 | 2024-10-5 02:14 | 2024-09-27 |