|
249121
|
5.4 |
MEDIUM
Network
|
themepunch
|
slider_revolution
|
The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.7.18 due to insufficient input sanitization and ou…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8107
|
2024-11-14 03:06 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249122
|
5.4 |
MEDIUM
Network
|
benjaminzekavica
|
easy_svg_support
|
The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.7 due to insufficient input sanitization a…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10269
|
2024-11-14 02:59 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249123
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Check if more than chunk-size bytes are written
A incorrectly formatted chunk may decompress into
more than LZNT_CHUNK_…
|
CWE-125
Out-of-bounds Read
|
CVE-2024-50247
|
2024-11-14 02:58 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249124
|
7.2 |
HIGH
Network
|
wavlink
|
wn530h4_firmware
wn530hg4_firmware
wn572hg3_firmware
|
A vulnerability classified as critical has been found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. Affected is the function set_ipv6 of the file internet.cgi. The manipulation of the arg…
|
CWE-77
Command Injection
|
CVE-2024-10429
|
2024-11-14 02:58 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249125
|
7.2 |
HIGH
Network
|
wavlink
|
wn530h4_firmware
wn530hg4_firmware
wn572hg3_firmware
|
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been rated as critical. This issue affects the function set_ipv6 of the file firewall.cgi. The manipulation …
|
CWE-77
Command Injection
|
CVE-2024-10428
|
2024-11-14 02:57 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249126
|
4.3 |
MEDIUM
Network
|
jenkins
|
jenkins
|
Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-47803
|
2024-11-14 02:45 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249127
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Add rough attr alloc_size check
|
NVD-CWE-noinfo
|
CVE-2024-50246
|
2024-11-14 02:38 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249128
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nvmet-auth: assign dh_key to NULL after kfree_sensitive
ctrl->dh_key might be used across multiple calls to nvmet_setup_dhgroup()…
|
CWE-415
Double Free
|
CVE-2024-50215
|
2024-11-14 02:35 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249129
|
7.5 |
HIGH
Network
|
jenkins
|
credentials
|
Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the `SecretBytes` type when accessing item `confi…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2024-47805
|
2024-11-14 02:32 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249130
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix possible deadlock in mi_read
Mutex lock with another subclass used in ni_lock_dir().
|
NVD-CWE-noinfo
|
CVE-2024-50245
|
2024-11-14 02:29 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
