|
308311
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An attacker may be able to view restricted content from the lock screen.
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2024-44174
|
2024-10-31 01:35 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308312
|
3.3 |
LOW
Local
|
apple
|
macos
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A malicious app may be able to change network settings.
|
NVD-CWE-noinfo
|
CVE-2024-40792
|
2024-10-31 01:35 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308313
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
NVD-CWE-noinfo
|
CVE-2024-7976
|
2024-10-31 01:35 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308314
|
7.5 |
HIGH
Network
|
wpchill
|
download_monitor
|
The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7…
|
CWE-862
Missing Authorization
|
CVE-2022-4972
|
2024-10-31 01:34 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308315
|
4.9 |
MEDIUM
Network
|
mayurik
|
petrol_pump_management
|
A vulnerability classified as critical was found in SourceCodester Petrol Pump Management Software 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/print.php. The ma…
|
CWE-89
SQL Injection
|
CVE-2024-10354
|
2024-10-31 01:32 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308316
|
7.2 |
HIGH
Network
|
oretnom23
|
online_exam_system
|
A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. Affected is an unknown function of the file /admin-dashboard. The manipulation leads to improper access…
|
NVD-CWE-noinfo
|
CVE-2024-10353
|
2024-10-31 01:21 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308317
|
6.1 |
MEDIUM
Network
|
archerirm
|
archer
|
Reflected XSS was discovered in an iView List Archer Platform UX page in Archer Platform 6.x before version 2024.09. A remote unauthenticated attacker could potentially exploit this by tricking a vic…
|
CWE-79
Cross-site Scripting
|
CVE-2024-49210
|
2024-10-31 01:13 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308318
|
6.1 |
MEDIUM
Network
|
archerirm
|
archer
|
Reflected XSS was discovered in a Dashboard Listing Archer Platform UX page in Archer Platform 6.x before version 2024.08. A remote unauthenticated attacker could potentially exploit this by tricking…
|
CWE-79
Cross-site Scripting
|
CVE-2024-49211
|
2024-10-31 01:08 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308319
|
5.4 |
MEDIUM
Network
|
wordpress
|
wordpress
|
WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consist…
|
CWE-79
Cross-site Scripting
|
CVE-2022-4973
|
2024-10-31 00:58 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308320
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ublk: don't allow user copy for unprivileged device
UBLK_F_USER_COPY requires userspace to call write() on ublk char
device for f…
|
NVD-CWE-noinfo
|
CVE-2024-50080
|
2024-10-31 00:54 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
