|
250611
|
9.8 |
CRITICAL
Network
|
brx8r
|
nice_backgrounds
|
Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds allows Upload a Web Shell to a Web Server.This issue affects Nice Backgrounds: from n/a through 1.0.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-49330
|
2024-10-25 01:01 |
2024-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250612
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
Smatch report warning as follows:
drivers/hwmon/ibmpex.c:509 i…
|
CWE-416
Use After Free
|
CVE-2022-49029
|
2024-10-25 00:59 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250613
|
8.8 |
HIGH
Network
|
myriadsolutionz
|
property_lot_management_system
|
Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System allows Upload a Web Shell to a Web Server.This issue affects Property Lot Management S…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-49331
|
2024-10-25 00:54 |
2024-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250614
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ixgbevf: Fix resource leak in ixgbevf_init_module()
ixgbevf_init_module() won't destroy the workqueue created by
create_singlethr…
|
CWE-459
Incomplete Cleanup
|
CVE-2022-49028
|
2024-10-25 00:51 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250615
|
9.8 |
CRITICAL
Network
|
giveawayboost
|
giveaway_boost
|
Deserialization of Untrusted Data vulnerability in Giveaway Boost allows Object Injection.This issue affects Giveaway Boost: from n/a through 2.1.4.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-49332
|
2024-10-25 00:49 |
2024-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250616
|
9.8 |
CRITICAL
Network
|
redwanhilali
|
wp_dropbox_dropins
|
Unrestricted Upload of File with Dangerous Type vulnerability in Redwan Hilali WP Dropbox Dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through 1.0.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-49607
|
2024-10-25 00:47 |
2024-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250617
|
8.8 |
HIGH
Network
|
gerryntabuhashe
|
gerryworks_post_by_mail
|
: Incorrect Privilege Assignment vulnerability in Gerry Ntabuhashe GERRYWORKS Post by Mail allows Privilege Escalation.This issue affects GERRYWORKS Post by Mail: from n/a through 1.0.
|
NVD-CWE-noinfo
|
CVE-2024-49608
|
2024-10-25 00:42 |
2024-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250618
|
9.8 |
CRITICAL
Network
|
jackzhu
|
photokit
|
Unrestricted Upload of File with Dangerous Type vulnerability in Jack Zhu allows Upload a Web Shell to a Web Server.This issue affects photokit: from n/a through 1.0.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-49610
|
2024-10-25 00:38 |
2024-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250619
|
8.8 |
HIGH
Network
|
apa
|
apa_register_newsletter_form
|
Cross-Site Request Forgery (CSRF) vulnerability in Apa APA Register Newsletter Form allows SQL Injection.This issue affects APA Register Newsletter Form: from n/a through 1.0.0.
|
CWE-352
Origin Validation Error
|
CVE-2024-49621
|
2024-10-25 00:35 |
2024-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250620
|
8.8 |
HIGH
Network
|
infotuts
|
sw_contact_form
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infotuts SW Contact Form allows Blind SQL Injection.This issue affects SW Contact Form: from n/a …
|
CWE-89
SQL Injection
|
CVE-2024-49612
|
2024-10-25 00:33 |
2024-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
