|
307601
|
4.3 |
MEDIUM
Network
|
gitlab
|
gitlab
|
Information disclosure in GitLab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an unauth…
|
CWE-863
Incorrect Authorization
|
CVE-2024-8974
|
2024-10-5 02:30 |
2024-09-27 |
|
307602
|
7.5 |
HIGH
Network
|
ays-pro
|
chatgpt_assistant
|
The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 discloses the OpenAI API Key, allowing unauthenticated users to obtain it
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2024-7713
|
2024-10-5 02:28 |
2024-09-27 |
|
307603
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check msg_id before processing transaction
[WHY & HOW]
HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is…
|
CWE-129
Improper Validation of Array Index
|
CVE-2024-46814
|
2024-10-5 02:27 |
2024-09-27 |
|
307604
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check gpio_id before used as array index
[WHY & HOW]
GPIO_ID_UNKNOWN (-1) is not a valid value for array index a…
|
CWE-129
Improper Validation of Array Index
|
CVE-2024-46818
|
2024-10-5 02:18 |
2024-09-27 |
|
307605
|
7.2 |
HIGH
Network
|
givewp
|
givewp
|
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.16.1 due to insu…
|
CWE-89
SQL Injection
|
CVE-2024-9130
|
2024-10-5 02:18 |
2024-09-27 |
|
307606
|
9.8 |
CRITICAL
Network
|
tendacn
|
g3_firmware
|
Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function.
|
CWE-78
OS Command
|
CVE-2024-46628
|
2024-10-5 02:18 |
2024-09-27 |
|
307607
|
6.1 |
MEDIUM
Network
|
ninjaforms
|
ninja_forms
|
The Ninja Forms WordPress plugin before 3.8.11 does not escape a URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privileg…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7354
|
2024-10-5 02:16 |
2024-09-2 |
|
307608
|
6.1 |
MEDIUM
Network
|
projectcaruso
|
flaming_forms
|
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators.
|
CWE-79
Cross-site Scripting
|
CVE-2024-7691
|
2024-10-5 02:15 |
2024-09-2 |
|
307609
|
7.5 |
HIGH
Network
|
oceanicsoft
|
valeapp
|
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, JSON Hijacking (aka JavaScript Hijacking). This issue affects ValeApp: …
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-8644
|
2024-10-5 02:14 |
2024-09-27 |
|
307610
|
9.8 |
CRITICAL
Network
|
oceanicsoft
|
valeapp
|
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking. This issue affects ValeApp: before v2.0.0.
|
CWE-384
Session Fixation
|
CVE-2024-8643
|
2024-10-5 02:14 |
2024-09-27 |