|
312091
|
7.8 |
HIGH
Local
|
autodesk
|
navisworks
|
A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitra…
|
CWE-416
Use After Free
|
CVE-2024-7675
|
2024-10-8 03:34 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312092
|
7.8 |
HIGH
Local
|
autodesk
|
navisworks
|
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or e…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-7674
|
2024-10-8 03:34 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312093
|
7.8 |
HIGH
Local
|
autodesk
|
navisworks
|
A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or ex…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-7673
|
2024-10-8 03:34 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312094
|
7.8 |
HIGH
Local
|
autodesk
|
navisworks
|
A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write se…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-7671
|
2024-10-8 03:34 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312095
|
9.8 |
CRITICAL
Network
|
redefiningtheweb
|
affiliate_pro
|
The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwap_login_request_callbac…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-9289
|
2024-10-8 03:25 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312096
|
7.4 |
HIGH
Adjacent
|
cisco
|
ios_xr
|
A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause …
|
NVD-CWE-noinfo
|
CVE-2024-20406
|
2024-10-8 02:56 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312097
|
5.3 |
MEDIUM
Network
|
cisco
|
ios_xr
|
A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751.
This vu…
|
NVD-CWE-Other
|
CVE-2024-20390
|
2024-10-8 02:51 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312098
|
7.2 |
HIGH
Network
|
-
|
-
|
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted inp…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-9314
|
2024-10-8 02:48 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312099
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' f…
|
CWE-862
Missing Authorization
|
CVE-2024-9161
|
2024-10-8 02:48 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312100
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in the Modern Heading and Icon Picker widgets all versions …
|
-
|
CVE-2024-8486
|
2024-10-8 02:48 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
