|
308251
|
9.8 |
CRITICAL
Network
|
tenda
|
ch22_firmware
|
Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function.
|
CWE-787
Out-of-bounds Write
|
CVE-2024-46045
|
2024-10-15 23:35 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308252
|
7.8 |
HIGH
Local
|
philiphazel
|
xfpt
|
xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is trick…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-43700
|
2024-10-15 23:35 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308253
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-8198
|
2024-10-15 23:35 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308254
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
CWE-787
Out-of-bounds Write
|
CVE-2024-7534
|
2024-10-15 23:35 |
2024-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308255
|
5.4 |
MEDIUM
Network
|
wpuserplus
|
userplus
|
The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.…
|
CWE-862
Missing Authorization
|
CVE-2024-9520
|
2024-10-15 23:34 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308256
|
5.4 |
MEDIUM
Network
|
esri
|
portal_for_arcgis
|
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arb…
|
CWE-79
Cross-site Scripting
|
CVE-2024-38039
|
2024-10-15 23:34 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308257
|
6.1 |
MEDIUM
Network
|
esri
|
portal_for_arcgis
|
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary …
|
CWE-601
Open Redirect
|
CVE-2024-38037
|
2024-10-15 23:34 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308258
|
5.4 |
MEDIUM
Network
|
esri
|
portal_for_arcgis
|
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked coul…
|
CWE-79
Cross-site Scripting
|
CVE-2024-38036
|
2024-10-15 23:34 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308259
|
4.8 |
MEDIUM
Network
|
esri
|
portal_for_arcgis
|
There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted strin…
|
CWE-79
Cross-site Scripting
|
CVE-2024-25707
|
2024-10-15 23:34 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308260
|
6.1 |
MEDIUM
Network
|
esri
|
portal_for_arcgis
|
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked coul…
|
CWE-79
Cross-site Scripting
|
CVE-2024-38038
|
2024-10-15 23:33 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
