|
303721
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
The per-netns IP tunnel hash table is protected by the RTNL…
|
-
|
CVE-2024-50304
|
2024-11-20 03:15 |
2024-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303722
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
resource,kexec: walk_system_ram_res_rev must retain resource flags
walk_system_ram_res_rev() erroneously discards resource flags …
|
-
|
CVE-2024-50303
|
2024-11-20 03:15 |
2024-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303723
|
- |
|
-
|
-
|
The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a comm…
|
-
|
CVE-2024-42450
|
2024-11-20 03:15 |
2024-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303724
|
9.8 |
CRITICAL
Network
|
wpdeveloper
|
reviewx
|
Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.28.
|
CWE-862
Missing Authorization
|
CVE-2024-43323
|
2024-11-20 03:15 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303725
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps MailChimp Subscribe Forms allows Stored XSS.This issue affects MailChimp Subscribe For…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43211
|
2024-11-20 03:15 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303726
|
- |
|
-
|
-
|
Missing Authorization vulnerability in PropertyHive PropertyHive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through 2.0.9.
|
CWE-862
Missing Authorization
|
CVE-2024-37204
|
2024-11-20 03:15 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303727
|
- |
|
-
|
-
|
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through 3.2.…
|
CWE-862
Missing Authorization
|
CVE-2024-37094
|
2024-11-20 03:15 |
2024-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303728
|
7.2 |
HIGH
Network
|
craftcms
|
craft_cms
|
Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This e…
|
CWE-22
Path Traversal
|
CVE-2024-52291
|
2024-11-20 03:06 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303729
|
4.8 |
MEDIUM
Network
|
webkul
|
unopim
|
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account wi…
|
CWE-616
CWE-692
Incomplete Identification of Uploaded File Variables (PHP)
Incomplete Denylist to Cross-Site Scripting
|
CVE-2024-52305
|
2024-11-20 03:04 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303730
|
7.5 |
HIGH
Network
|
cesanta
|
mongoose
|
Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters.
|
NVD-CWE-Other
|
CVE-2024-42392
|
2024-11-20 02:55 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
