| 305831 | 5.5 | MEDIUM Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix crash when replugging CSR fake controllers It seems fake CSR 5.0 clones can cause the suspend notifier to be regis… | NVD-CWE-noinfo | CVE-2022-48982 | 2024-10-26 03:12 | 2024-10-22 |
| 305832 | - | | - | - | In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution … | - | CVE-2024-44098 | 2024-10-26 02:35 | 2024-10-25 |
| 305833 | - | | - | - | Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them t… | - | CVE-2023-48082 | 2024-10-26 02:15 | 2024-10-15 |
| 305834 | 8.1 | HIGH Network | google | chrome | Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High) | NVD-CWE-noinfo | CVE-2024-10229 | 2024-10-26 02:04 | 2024-10-23 |
| 305835 | 9.8 | CRITICAL Network | keith-cullen | freecoap | Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a s… | CWE-476 NULL Pointer Dereference | CVE-2024-40493 | 2024-10-26 02:01 | 2024-10-23 |
| 305836 | 8.8 | HIGH Network | google | chrome | Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CWE-843 Type Confusion | CVE-2024-10231 | 2024-10-26 02:01 | 2024-10-23 |
| 305837 | 9.8 | CRITICAL Network | janobe | online_complaint_site | SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component. | CWE-89 SQL Injection | CVE-2024-44812 | 2024-10-26 01:56 | 2024-10-23 |
| 305838 | 5.0 | MEDIUM Local | loan_management_system_project | loan_management_system | itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in … | CWE-79 Cross-site Scripting | CVE-2024-48415 | 2024-10-26 01:55 | 2024-10-23 |
| 305839 | 9.8 | CRITICAL Network | properfraction | profilepress | The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insufficient verification on the user being returned by t… | CWE-287 Improper Authentication | CVE-2024-9947 | 2024-10-26 01:53 | 2024-10-23 |
| 305840 | 4.8 | MEDIUM Network | tuzitio | camaleon_cms | Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field. | CWE-79 Cross-site Scripting | CVE-2024-48652 | 2024-10-26 01:51 | 2024-10-23 |