|
256781
|
8.8 |
HIGH
Network
|
symphonyfintech
|
xts_mobile_trader
xts_web_trader
|
This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remot…
|
NVD-CWE-Other
|
CVE-2024-45587
|
2024-09-4 21:15 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256782
|
8.8 |
HIGH
Network
|
symphonyfintech
|
xts_mobile_trader
xts_web_trader
|
This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). An authenticated remote…
|
NVD-CWE-Other
|
CVE-2024-45586
|
2024-09-4 21:15 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256783
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
kcm: Serialise kcm_sendmsg() for the same socket.
syzkaller reported UAF in kcm_release(). [0]
The scenario is
1. Thread A bu…
|
CWE-416
Use After Free
|
CVE-2024-44946
|
2024-09-4 21:15 |
2024-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256784
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Add error handling to pair_device()
hci_conn_params_add() never checks for a NULL value and could lead to a NULL…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-43884
|
2024-09-4 21:15 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256785
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix extent map use-after-free when adding pages to compressed bio
At add_ra_bio_pages() we are accessing the extent map to…
|
CWE-416
Use After Free
|
CVE-2024-42314
|
2024-09-4 21:15 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256786
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
cgroup/cpuset: Prevent UAF in proc_cpuset_show()
An UAF can happen when /proc/cpuset is read as reported in [1].
This can be rep…
|
CWE-416
Use After Free
|
CVE-2024-43853
|
2024-09-4 21:15 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256787
|
9.8 |
CRITICAL
Network
|
easytest
|
easytest_online_test_platform
|
SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the uid parameter.
|
CWE-89
SQL Injection
|
CVE-2024-43772
|
2024-09-4 21:11 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256788
|
4.3 |
MEDIUM
Network
|
majeedraza
|
carousel_slider
|
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. While logged in to the WordPress site with Carousel Sl…
|
CWE-352
Origin Validation Error
|
CVE-2024-45270
|
2024-09-4 20:51 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256789
|
4.3 |
MEDIUM
Network
|
majeedraza
|
carousel_slider
|
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carouse…
|
CWE-352
Origin Validation Error
|
CVE-2024-45269
|
2024-09-4 20:49 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256790
|
4.7 |
MEDIUM
Network
|
code-projects
|
pharmacy_management_system
|
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?id=userProfileEdit of the compone…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8366
|
2024-09-4 20:26 |
2024-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
