|
307771
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check msg_id before processing transaction
[WHY & HOW]
HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is…
|
CWE-129
Improper Validation of Array Index
|
CVE-2024-46814
|
2024-10-5 02:27 |
2024-09-27 |
|
307772
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check gpio_id before used as array index
[WHY & HOW]
GPIO_ID_UNKNOWN (-1) is not a valid value for array index a…
|
CWE-129
Improper Validation of Array Index
|
CVE-2024-46818
|
2024-10-5 02:18 |
2024-09-27 |
|
307773
|
7.2 |
HIGH
Network
|
givewp
|
givewp
|
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.16.1 due to insu…
|
CWE-89
SQL Injection
|
CVE-2024-9130
|
2024-10-5 02:18 |
2024-09-27 |
|
307774
|
9.8 |
CRITICAL
Network
|
tendacn
|
g3_firmware
|
Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function.
|
CWE-78
OS Command
|
CVE-2024-46628
|
2024-10-5 02:18 |
2024-09-27 |
|
307775
|
6.1 |
MEDIUM
Network
|
ninjaforms
|
ninja_forms
|
The Ninja Forms WordPress plugin before 3.8.11 does not escape a URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privileg…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7354
|
2024-10-5 02:16 |
2024-09-2 |
|
307776
|
6.1 |
MEDIUM
Network
|
projectcaruso
|
flaming_forms
|
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators.
|
CWE-79
Cross-site Scripting
|
CVE-2024-7691
|
2024-10-5 02:15 |
2024-09-2 |
|
307777
|
7.5 |
HIGH
Network
|
oceanicsoft
|
valeapp
|
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, JSON Hijacking (aka JavaScript Hijacking). This issue affects ValeApp: …
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-8644
|
2024-10-5 02:14 |
2024-09-27 |
|
307778
|
9.8 |
CRITICAL
Network
|
oceanicsoft
|
valeapp
|
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking. This issue affects ValeApp: before v2.0.0.
|
CWE-384
Session Fixation
|
CVE-2024-8643
|
2024-10-5 02:14 |
2024-09-27 |
|
307779
|
6.1 |
MEDIUM
Network
|
projectcaruso
|
flaming_forms
|
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used agains…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7692
|
2024-10-5 02:14 |
2024-09-2 |
|
307780
|
7.5 |
HIGH
Network
|
oceanicsoft
|
valeapp
|
Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information. This issue affects ValeApp: before v2.0.0.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2024-8609
|
2024-10-5 02:12 |
2024-09-27 |