|
305121
|
6.5 |
MEDIUM
Network
|
eclipse
|
jetty
|
Jetty PushSessionCacheFilter can be exploited by unauthenticated users
to launch remote DoS attacks by exhausting the server’s memory.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-6762
|
2024-11-9 06:29 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305122
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too
Stuart Hayhurst has found that both at bootup and fullscreen VA-API vide…
|
NVD-CWE-noinfo
|
CVE-2024-50108
|
2024-11-9 06:28 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305123
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
platform/x86/intel/pmc: Fix pmc_core_iounmap to call iounmap for valid addresses
Commit 50c6dbdfd16e ("x86/ioremap: Improve iounm…
|
NVD-CWE-noinfo
|
CVE-2024-50107
|
2024-11-9 06:27 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305124
|
7.2 |
HIGH
Network
|
netgear
|
ex3700_firmware
|
Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 a…
|
CWE-77
Command Injection
|
CVE-2024-35522
|
2024-11-9 06:25 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305125
|
7.2 |
HIGH
Network
|
netgear
|
xr1000_firmware
|
Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter.
|
CWE-77
Command Injection
|
CVE-2024-35517
|
2024-11-9 06:24 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305126
|
7.5 |
HIGH
Network
|
everestthemes
|
everest_backup
|
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via …
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2024-10028
|
2024-11-9 06:21 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305127
|
6.1 |
MEDIUM
Network
|
westguardsolutions
|
ws_form
|
The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping …
|
CWE-79
Cross-site Scripting
|
CVE-2024-10647
|
2024-11-9 06:20 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305128
|
4.3 |
MEDIUM
Network
|
tumult
|
tumult_hype_animations
|
The Tumult Hype Animations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hypeanimations_getcontent function in all versions up to, and inc…
|
CWE-862
Missing Authorization
|
CVE-2024-10543
|
2024-11-9 06:19 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305129
|
5.3 |
MEDIUM
Network
|
martinvalchev
|
video_gallery_for_woocommerce
|
The Video Gallery for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the remove_unused_thumbnails() function in all versions …
|
CWE-862
Missing Authorization
|
CVE-2024-10535
|
2024-11-9 06:19 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305130
|
8.1 |
HIGH
Network
|
heateor
|
social_login
|
The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being…
|
NVD-CWE-noinfo
|
CVE-2024-10020
|
2024-11-9 06:19 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
