|
248831
|
- |
|
-
|
-
|
changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This…
|
CWE-22
Path Traversal
|
CVE-2024-51998
|
2024-11-8 09:15 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248832
|
- |
|
-
|
-
|
Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by `AddUserAccessTokenHttpClient` may use a different us…
|
CWE-270
Privilege Context Switching Error
|
CVE-2024-51987
|
2024-11-8 09:15 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248833
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: pse-pd: Fix out of bound for loop
Adjust the loop limit to prevent out-of-bounds access when iterating over
PI structures. T…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-50129
|
2024-11-8 06:49 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248834
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
tracing/probes: Fix MAX_TRACE_ARGS limit handling
When creating a trace_probe we would set nr_args prior to truncating the
argume…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-50132
|
2024-11-8 06:32 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248835
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: Don't crash in stack_top() for tasks without vDSO
Not all tasks have a vDSO mapped, for example kthreads never do. If …
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-50133
|
2024-11-8 06:17 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248836
|
4.8 |
MEDIUM
Network
|
kevonadonis
|
wp_abstracts
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kevon Adonis WP Abstracts allows Stored XSS.This issue affects WP Abstracts: from n/a thro…
|
CWE-79
Cross-site Scripting
|
CVE-2024-50411
|
2024-11-8 06:09 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248837
|
6.1 |
MEDIUM
Network
|
rafasashi
|
todo_custom_field
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rafasashi Todo Custom Field allows Reflected XSS.This issue affects Todo Custom Field: fro…
|
CWE-79
Cross-site Scripting
|
CVE-2024-49642
|
2024-11-8 05:59 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248838
|
5.4 |
MEDIUM
Network
|
basticom
|
framework
|
The Basticom Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.0 due to insufficient input sanitization and ou…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9443
|
2024-11-8 05:56 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248839
|
- |
|
-
|
-
|
An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to execute arbitrary code via a crafted script to the Add new application.
|
-
|
CVE-2024-51358
|
2024-11-8 05:35 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248840
|
4.3 |
MEDIUM
Network
|
shaon
|
post_from_frontend
|
The Post From Frontend WordPress plugin through 1.0.0 does not have CSRF check when deleting posts, which could allow attackers to make logged in admin perform such action via a CSRF attack
|
CWE-352
Origin Validation Error
|
CVE-2024-9689
|
2024-11-8 05:35 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
