|
312041
|
6.5 |
MEDIUM
Network
|
gethomepage
|
homepage
|
Homepage is a highly customizable homepage with Docker and service API integrations. The default setup of homepage 0.9.1 is vulnerable to DNS rebinding. Homepage is setup without certificate and auth…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2024-42364
|
2024-09-13 03:20 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312042
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
nfs: pass explicit offset/count to trace events
nfs_folio_length is unsafe to use without having the folio locked and a
check for…
|
-
|
CVE-2024-43826
|
2024-09-13 03:15 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312043
|
7.3 |
HIGH
Local
|
intel
|
virtual_raid_on_cpu
|
Uncontrolled search path for some Intel(R) VROC software before version 8.6.0.1191 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-23489
|
2024-09-13 03:11 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312044
|
5.3 |
MEDIUM
Network
|
softlabbd
|
radio_player
|
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_settings function in versions up to, and including, 2.0.73. Th…
|
CWE-862
Missing Authorization
|
CVE-2023-4027
|
2024-09-13 02:53 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312045
|
6.7 |
MEDIUM
Local
|
hwameistor
|
hwameistor
|
Hwameistor is an HA local storage system for cloud-native stateful workloads. This ClusterRole has * verbs of * resources. If a malicious user can access the worker node which has hwameistor's deploy…
|
NVD-CWE-noinfo
|
CVE-2024-45054
|
2024-09-13 02:50 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312046
|
7.5 |
HIGH
Network
|
clamav
|
clamav
|
A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions…
|
CWE-125
Out-of-bounds Read
|
CVE-2024-20505
|
2024-09-13 02:28 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312047
|
9.8 |
CRITICAL
Network
|
mi
|
getapps
|
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability t…
|
NVD-CWE-noinfo
|
CVE-2023-26324
|
2024-09-13 02:27 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312048
|
9.8 |
CRITICAL
Network
|
mi
|
getapps
|
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability t…
|
NVD-CWE-noinfo
|
CVE-2023-26322
|
2024-09-13 02:27 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312049
|
6.1 |
MEDIUM
Local
|
clamav
|
clamav
|
A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versio…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2024-20506
|
2024-09-13 02:26 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312050
|
9.8 |
CRITICAL
Network
|
mi
|
app_market
|
A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code.
|
NVD-CWE-noinfo
|
CVE-2023-26323
|
2024-09-13 02:22 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
