|
306951
|
5.4 |
MEDIUM
Network
|
essamamdani
|
advanced_blocks_pro
|
The Advanced Blocks Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and o…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9074
|
2024-10-15 23:37 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306952
|
6.1 |
MEDIUM
Network
|
esri
|
portal_for_arcgis
|
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1, 10.9.1 and 10.8.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could …
|
CWE-79
Cross-site Scripting
|
CVE-2024-25691
|
2024-10-15 23:35 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306953
|
4.4 |
MEDIUM
Local
|
google
|
android
|
there is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploi…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2024-44096
|
2024-10-15 23:35 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306954
|
7.8 |
HIGH
Local
|
google
|
android
|
In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible corrupt memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileg…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-44095
|
2024-10-15 23:35 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306955
|
9.8 |
CRITICAL
Network
|
tenda
|
ch22_firmware
|
Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function.
|
CWE-787
Out-of-bounds Write
|
CVE-2024-46045
|
2024-10-15 23:35 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306956
|
7.8 |
HIGH
Local
|
philiphazel
|
xfpt
|
xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is trick…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-43700
|
2024-10-15 23:35 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306957
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-8198
|
2024-10-15 23:35 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306958
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
CWE-787
Out-of-bounds Write
|
CVE-2024-7534
|
2024-10-15 23:35 |
2024-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306959
|
5.4 |
MEDIUM
Network
|
wpuserplus
|
userplus
|
The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.…
|
CWE-862
Missing Authorization
|
CVE-2024-9520
|
2024-10-15 23:34 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306960
|
5.4 |
MEDIUM
Network
|
esri
|
portal_for_arcgis
|
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arb…
|
CWE-79
Cross-site Scripting
|
CVE-2024-38039
|
2024-10-15 23:34 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
