| 256491 | 9.8 | CRITICAL / Network | ruoyi | ruoyi | RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1. | CWE-89 SQL Injection | CVE-2024-42913 | 2024-09-6 03:31 | 2024-08-27 |
| 256492 | 9.8 | CRITICAL / Network | skyss | arfa-cms | A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter. | CWE-89 SQL Injection | CVE-2024-45265 | 2024-09-6 03:30 | 2024-08-27 |
| 256493 | 5.5 | MEDIUM / Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses. Currently, it's possible to pass in a modified… | CWE-787 Out-of-bounds Write | CVE-2024-43910 | 2024-09-6 03:30 | 2024-08-26 |
| 256494 | 6.1 | MEDIUM / Network | testlink | testlink | TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) via the pop-up on upload file. When uploading a file, the XSS payload can be entered into the file name. | CWE-79 Cross-site Scripting | CVE-2024-42906 | 2024-09-6 03:29 | 2024-08-27 |
| 256495 | 7.5 | HIGH / Network | gl-inet | mt6000_firmware x3000_firmware xe3000_firmware a1300_firmware ax1800_firmware axt1800_firmware mt2500_firmware mt3000_firmware xe300_firmware x750_firmware sft1200_firmw… | A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports … | NVD-CWE-noinfo | CVE-2024-28077 | 2024-09-6 03:29 | 2024-08-27 |
| 256496 | 6.1 | MEDIUM / Network | xiebruce | picuploader | A cross-site scripting (XSS) vulnerability in the component /master/auth/OnedriveRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted pay… | CWE-79 Cross-site Scripting | CVE-2024-44794 | 2024-09-6 03:28 | 2024-08-27 |
| 256497 | 6.1 | MEDIUM / Network | gazelle_project | gazelle | A cross-site scripting (XSS) vulnerability in the component /managers/multiple_freeleech.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload … | CWE-79 Cross-site Scripting | CVE-2024-44793 | 2024-09-6 03:28 | 2024-08-27 |
| 256498 | 6.1 | MEDIUM / Network | gazelle_project | gazelle | A cross-site scripting (XSS) vulnerability in the component /login/disabled.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into… | CWE-79 Cross-site Scripting | CVE-2024-44795 | 2024-09-6 03:26 | 2024-08-27 |
| 256499 | 5.5 | MEDIUM / Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: disallow setting special AP channel widths. Setting the AP channel width is meant for use with the normal 20/40/...… | NVD-CWE-noinfo | CVE-2024-43912 | 2024-09-6 03:19 | 2024-08-26 |
| 256500 | 5.5 | MEDIUM / Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: nvme: apple: fix device reference counting. Drivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl. Split the alloca… | CWE-401 Missing Release of Memory after Effective Lifetime | CVE-2024-43913 | 2024-09-6 03:12 | 2024-08-26 |