51
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team WZone allows Reflected XSS. This issue affects WZone: from n/a through 14.0.10.
New
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2024-33548
|
2024-04-29 15:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
52
|
- |
-
|
-
|
-
|
Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider. This issue affects Crelly Slider: from n/a through 1.4.5.
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-33542
|
2024-04-29 15:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
53
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGrill ColorNews allows Stored XSS. This issue affects ColorNews: from n/a through 1.2.6.
New
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2024-33540
|
2024-04-29 15:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
54
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Addons for Elementor (Templates, Widgets) allows Stored XSS. This issue affects WPZO…
New
|
-
|
CVE-2024-33539
|
2024-04-29 15:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
55
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Horse WP Portfolio allows Stored XSS. This issue affects WP Portfolio: from n/a through 2.4.…
New
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2024-33537
|
2024-04-29 15:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
56
|
- |
-
|
-
|
-
|
The GamiPress WordPress plugin before 6.8.9's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privile…
New
|
-
|
CVE-2024-2505
|
2024-04-29 15:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
57
|
- |
-
|
-
|
-
|
The Smart Forms WordPress plugin before 2.6.96 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks …
New
|
-
|
CVE-2024-1905
|
2024-04-29 15:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
58
|
- |
-
|
-
|
-
|
In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value.
New
|
-
|
CVE-2023-52723
|
2024-04-29 15:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
59
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpOpal Opal Widgets For Elementor allows Stored XSS. This issue affects Opal Widgets For Elementor…
New
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2024-33649
|
2024-04-29 14:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
60
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wzy Media Recencio Book Reviews allows Stored XSS. This issue affects Recencio Book Reviews: from …
New
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2024-33648
|
2024-04-29 14:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
61
|
- |
-
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Sticky Anything allows Cross-Site Scripting (XSS). This issue affects Sticky Anything: from n/a through 2.1.5.
New
|
CWE-352
Same-origin policy violation
|
CVE-2024-33646
|
2024-04-29 14:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
62
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eftakhairul Islam & Sirajus Salayhin Easy Set Favicon allows Reflected XSS. This issue affects Eas…
New
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2024-33645
|
2024-04-29 14:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
63
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kailey Lampert Advanced Most Recent Posts Mod allows Stored XSS. This issue affects Advanced Most …
New
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2024-33643
|
2024-04-29 14:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
64
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LBell Pretty Google Calendar allows Stored XSS. This issue affects Pretty Google Calendar: from n/…
New
|
-
|
CVE-2024-33640
|
2024-04-29 14:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
65
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Reflected XSS. This issue affects Piotnet Addons F…
New
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2024-33633
|
2024-04-29 14:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
66
|
- |
-
|
-
|
-
|
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
New
|
-
|
CVE-2024-33339
|
2024-04-29 14:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
67
|
8.8 |
HIGH
Network
|
-
|
-
|
N-Reporter and N-Cloud, products of the N-Partner, have an OS Command Injection vulnerability. Remote attackers with normal user privilege can execute arbitrary system commands by manipulating user i…
New
|
CWE-78
OS Command Injection
|
CVE-2024-4301
|
2024-04-29 13:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
68
|
9.8 |
CRITICAL
Network
-
|
-
|
E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login. Acc…
New
|
CWE-200
Information Exposure
|
CVE-2024-4300
|
2024-04-29 13:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
|
69
|
7.2 |
HIGH
Network
|
-
|
-
|
The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers…
New
|
CWE-78
OS Command Injection
|
CVE-2024-4299
|
2024-04-29 13:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
70
|
- |
-
|
-
|
-
|
In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via pass…
New
|
-
|
CVE-2024-3096
|
2024-04-29 13:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
71
|
- |
-
|
-
|
-
|
In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS att…
New
|
-
|
CVE-2024-2757
|
2024-04-29 13:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
72
|
- |
-
|
-
|
-
|
Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p, network and same-site attackers can set a standard insecure cookie in the victim's browser which is tre…
New
|
-
|
CVE-2024-2756
|
2024-04-29 13:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
73
|
- |
-
|
-
|
-
|
In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command …
New
|
-
|
CVE-2024-1874
|
2024-04-29 13:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
74
|
- |
-
|
-
|
-
|
The email search interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with ad…
New
|
-
|
CVE-2024-4298
|
2024-04-29 12:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
75
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attacker…
New
|
CWE-22
Path Traversal
|
CVE-2024-4297
|
2024-04-29 12:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
76
|
4.6 |
MEDIUM
Physical
|
gnu redhat
|
grub2 enterprise_linux
|
An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memo…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2023-4693
|
2024-04-29 12:15 |
2023-10-26 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
77
|
7.8 |
HIGH
Local
|
gnu redhat
|
grub2 enterprise_linux
|
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corrupt…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2023-4692
|
2024-04-29 12:15 |
2023-10-26 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
78
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers …
New
|
CWE-22
Path Traversal
|
CVE-2024-4296
|
2024-04-29 11:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
79
|
- |
-
|
-
|
-
|
In CARLA through 0.9.15.2, the collision sensor mishandles some situations involving pedestrians or bicycles, in part because the collision sensor function is not exposed to the Blueprint library.
New
|
-
|
CVE-2024-33903
|
2024-04-29 10:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
80
|
- |
-
|
-
|
-
|
RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences.
New
|
-
|
CVE-2024-33899
|
2024-04-29 09:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
81
|
- |
-
|
-
|
-
|
Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the i…
New
|
-
|
CVE-2024-33891
|
2024-04-29 08:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
82
|
- |
-
|
-
|
-
|
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-33891. Reason: This candidate is a reservation duplicate of CVE-2024-33891. Notes: All CVE users should reference CVE-2024-3389…
New
|
-
|
CVE-2024-33331
|
2024-04-29 08:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
83
|
- |
-
|
-
|
-
|
HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Versions from 8.0.0 through 8.1.9 and from 9.0.0 through 9.2.3 are affected.
Users can set a new …
Update
|
CWE-20
Improper Input Validation
|
CVE-2024-31309
|
2024-04-29 07:15 |
2024-04-10 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
84
|
5.4 |
MEDIUM
Network
|
zabbix
|
zabbix
|
The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section.
Update
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2024-22119
|
2024-04-29 05:15 |
2024-02-09 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
85
|
- |
-
|
-
|
-
|
The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.
New
|
-
|
CVE-2024-33883
|
2024-04-29 01:15 |
2024-04-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
86
|
- |
-
|
-
|
-
|
IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified…
New
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-25050
|
2024-04-28 22:15 |
2024-04-28 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
87
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
smb3: fix temporary data corruption in collapse range
collapse range doesn't discard the affected cached region
so can risk tempo…
New
|
-
|
CVE-2022-48668
|
2024-04-28 22:15 |
2024-04-28 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
88
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
smb3: fix temporary data corruption in insert range
insert range doesn't discard the affected cached region
so can risk temporari…
New
|
-
|
CVE-2022-48667
|
2024-04-28 22:15 |
2024-04-28 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
89
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
exfat: fix overflow for large capacity partition
Using int type for sector index, there will be overflow in a large
capacity part…
New
|
-
|
CVE-2022-48665
|
2024-04-28 22:15 |
2024-04-28 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
90
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
gpio: mockup: fix NULL pointer dereference when removing debugfs
We now remove the device's debugfs entries when unbinding the dr…
New
|
-
|
CVE-2022-48663
|
2024-04-28 22:15 |
2024-04-28 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
91
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: core: Fix a use-after-free
There are two .exit_cmd_priv implementations. Both implementations use
resources associated with…
New
|
-
|
CVE-2022-48666
|
2024-04-28 22:15 |
2024-04-28 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
92
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix hang during unmount when stopping a space reclaim worker
Often when running generic/562 from fstests we can hang durin…
New
|
-
|
CVE-2022-48664
|
2024-04-28 22:15 |
2024-04-28 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
93
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
gpio: mockup: Fix potential resource leakage when register a chip
If creation of software node fails, the locally allocated strin…
New
|
-
|
CVE-2022-48661
|
2024-04-28 22:15 |
2024-04-28 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
94
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
arm64: topology: fix possible overflow in amu_fie_setup()
cpufreq_get_hw_max_freq() returns max frequency in kHz as *unsigned int…
New
|
-
|
CVE-2022-48657
|
2024-04-28 22:15 |
2024-04-28 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
95
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get()
We should call of_node_put() for the reference return…
New
|
-
|
CVE-2022-48656
|
2024-04-28 22:15 |
2024-04-28 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
96
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scmi: Harden accesses to the reset domains
Accessing reset domains descriptors by the index upon the SCMI drivers
r…
New
|
-
|
CVE-2022-48655
|
2024-04-28 22:15 |
2024-04-28 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
97
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gem: Really move i915_gem_context.link under ref protection
i915_perf assumes that it can use the i915_gem_context refer…
New
|
-
|
CVE-2022-48662
|
2024-04-28 22:15 |
2024-04-28 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
98
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
When running gpio test on nxp-ls1028 platform with below …
New
|
-
|
CVE-2022-48660
|
2024-04-28 22:15 |
2024-04-28 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
99
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
nf_osf_find() incorrectly returns true on mismatch, this lead…
New
|
-
|
CVE-2022-48654
|
2024-04-28 22:15 |
2024-04-28 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
100
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
Commit 8f394da36a36 ("scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_T…
New
|
-
|
CVE-2022-48650
|
2024-04-28 22:15 |
2024-04-28 |
View
|
GitHub
Exploit DB
Packet Storm
|
|