|
256321
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
|
-
|
CVE-2024-42334
|
2024-09-8 21:15 |
2024-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256322
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to truncate preallocated blocks in f2fs_file_open()
chenyuwen reports a f2fs bug as below:
Unable to handle kernel NUL…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-43859
|
2024-09-8 17:15 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256323
|
9.8 |
CRITICAL
Network
|
ibm
|
security_directory_integrator
security_verify_directory_integrator
|
IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 does not perform any authentication for functionality that requires a provable user identity or consumes a sign…
|
NVD-CWE-noinfo
|
CVE-2022-33162
|
2024-09-7 22:15 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256324
|
9.8 |
CRITICAL
Network
|
oretnom23
|
clinic\'s_patient_management_system
|
A vulnerability, which was classified as critical, has been found in SourceCodester Clinics Patient Management System 1.0. Affected by this issue is the function patient_name of the file patients.php…
|
CWE-89
SQL Injection
|
CVE-2024-7454
|
2024-09-7 21:56 |
2024-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256325
|
9.8 |
CRITICAL
Network
|
onesoftnet
|
sudobot
|
SudoBot, a Discord moderation bot, is vulnerable to privilege escalation and exploit of the `-config` command in versions prior to 9.26.7. Anyone is theoretically able to update any configuration of …
|
CWE-862
Missing Authorization
|
CVE-2024-45307
|
2024-09-7 10:34 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256326
|
6.1 |
MEDIUM
Network
|
xiebruce
|
picuploader
|
A cross-site scripting (XSS) vulnerability in the component /auth/AzureRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injec…
|
CWE-79
Cross-site Scripting
|
CVE-2024-44796
|
2024-09-7 08:35 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256327
|
8.8 |
HIGH
Network
|
roxy-wi
|
roxy-wi
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. An OS Command Injection vulnerability allows any authenticated user on the application to execute arbitrary code…
|
CWE-78
OS Command
|
CVE-2024-43804
|
2024-09-7 07:57 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256328
|
8.1 |
HIGH
Network
|
getkirby
|
kirby
|
Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and de…
|
CWE-863
Incorrect Authorization
|
CVE-2024-41964
|
2024-09-7 07:56 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256329
|
5.4 |
MEDIUM
Network
|
seacms
|
seacms
|
A cross-site scripting (XSS) vulnerability in the component admin_ads.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ad descript…
|
CWE-79
Cross-site Scripting
|
CVE-2024-44919
|
2024-09-7 07:54 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256330
|
9.8 |
CRITICAL
Network
|
deltaww
|
dtn_soft
|
Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-8255
|
2024-09-7 07:53 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
