Newsletter – Send Awesome Emails From WordPress Security Vulnerabilities

cve

CVE-2024-36479

In the Linux kernel, the following vulnerability has been resolved: fpga: bridge: add owner module and take its refcount The current implementation of the fpga bridge assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's...

6.7AI Score

0.0004EPSS

2024-06-24 02:15 PM
9
cve

CVE-2024-38384

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from reorder of WRITE ->lqueued __blkcg_rstat_flush() can be run anytime, especially when blk_cgroup_bio_start is being executed. If WRITE of ->lqueued is re-ordered with READ of 'bisc->lnod...

6.7AI Score

0.0004EPSS

2024-06-24 02:15 PM
10
debiancve

CVE-2024-37026

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Only use reserved BCS instances for usm migrate exec queue The GuC context scheduling queue is 2 entries deep, thus it is possible for a migration job to be stuck behind a fault if migration exec queue shares engines...

6.6AI Score

0.0004EPSS

2024-06-24 02:15 PM
1
debiancve

CVE-2024-38384

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from reorder of WRITE ->lqueued __blkcg_rstat_flush() can be run anytime, especially when blk_cgroup_bio_start is being executed. If WRITE of ->lqueued is re-ordered with READ of...

6.6AI Score

0.0004EPSS

2024-06-24 02:15 PM
debiancve

CVE-2024-36479

In the Linux kernel, the following vulnerability has been resolved: fpga: bridge: add owner module and take its refcount The current implementation of the fpga bridge assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's...

6.8AI Score

0.0004EPSS

2024-06-24 02:15 PM
1
cve

CVE-2024-38663

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from resetting io stat Since commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()"), each iostat instance is added to blkcg percpu list, so blkcg_reset_stats() can't reset the stat...

6.7AI Score

0.0004EPSS

2024-06-24 02:15 PM
8
cve

CVE-2024-37021

In the Linux kernel, the following vulnerability has been resolved: fpga: manager: add owner module and take its refcount The current implementation of the fpga manager assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's...

6.7AI Score

0.0004EPSS

2024-06-24 02:15 PM
7
nvd

CVE-2024-38663

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from resetting io stat Since commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()"), each iostat instance is added to blkcg percpu list, so blkcg_reset_stats() can't reset the stat...

0.0004EPSS

2024-06-24 02:15 PM
3
nvd

CVE-2024-37021

In the Linux kernel, the following vulnerability has been resolved: fpga: manager: add owner module and take its refcount The current implementation of the fpga manager assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's...

0.0004EPSS

2024-06-24 02:15 PM
2
cve

CVE-2024-37026

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Only use reserved BCS instances for usm migrate exec queue The GuC context scheduling queue is 2 entries deep, thus it is possible for a migration job to be stuck behind a fault if migration exec queue shares engines with.....

6.5AI Score

0.0004EPSS

2024-06-24 02:15 PM
9
debiancve

CVE-2024-34030

In the Linux kernel, the following vulnerability has been resolved: PCI: of_property: Return error for int_map allocation failure Return -ENOMEM from of_pci_prop_intr_map() if kcalloc() fails to prevent a NULL pointer dereference in this case. [bhelgaas: commit...

6.5AI Score

0.0004EPSS

2024-06-24 02:15 PM
nvd

CVE-2024-34030

In the Linux kernel, the following vulnerability has been resolved: PCI: of_property: Return error for int_map allocation failure Return -ENOMEM from of_pci_prop_intr_map() if kcalloc() fails to prevent a NULL pointer dereference in this case. [bhelgaas: commit...

0.0004EPSS

2024-06-24 02:15 PM
1
cve

CVE-2024-34030

In the Linux kernel, the following vulnerability has been resolved: PCI: of_property: Return error for int_map allocation failure Return -ENOMEM from of_pci_prop_intr_map() if kcalloc() fails to prevent a NULL pointer dereference in this case. [bhelgaas: commit...

6.5AI Score

0.0004EPSS

2024-06-24 02:15 PM
8
cvelist

CVE-2024-37021 fpga: manager: add owner module and take its refcount

In the Linux kernel, the following vulnerability has been resolved: fpga: manager: add owner module and take its refcount The current implementation of the fpga manager assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's...

0.0004EPSS

2024-06-24 01:56 PM
3
cvelist

CVE-2024-37026 drm/xe: Only use reserved BCS instances for usm migrate exec queue

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Only use reserved BCS instances for usm migrate exec queue The GuC context scheduling queue is 2 entries deep, thus it is possible for a migration job to be stuck behind a fault if migration exec queue shares engines with.....

0.0004EPSS

2024-06-24 01:56 PM
5
cvelist

CVE-2024-36479 fpga: bridge: add owner module and take its refcount

In the Linux kernel, the following vulnerability has been resolved: fpga: bridge: add owner module and take its refcount The current implementation of the fpga bridge assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's...

0.0004EPSS

2024-06-24 01:56 PM
3
cvelist

CVE-2024-34030 PCI: of_property: Return error for int_map allocation failure

In the Linux kernel, the following vulnerability has been resolved: PCI: of_property: Return error for int_map allocation failure Return -ENOMEM from of_pci_prop_intr_map() if kcalloc() fails to prevent a NULL pointer dereference in this case. [bhelgaas: commit...

0.0004EPSS

2024-06-24 01:56 PM
1
nuclei

3DPrint Lite < 1.9.1.5 - Arbitrary File Upload

The plugin does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action, allowing unauthenticated users to upload arbitrary files to the web server. However, there is a .htaccess, preventing the file from being accessed on Web servers such as...

9.8CVSS

7.1AI Score

0.188EPSS

2024-06-24 01:55 PM
cvelist

CVE-2024-39291 drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode()

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generating about potential truncation of output when using the snprintf...

0.0004EPSS

2024-06-24 01:52 PM
4
cvelist

CVE-2024-4748 RCE in Cruddiy

The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which...

8.8CVSS

0.0004EPSS

2024-06-24 01:52 PM
4
vulnrichment

CVE-2024-4748 RCE in Cruddiy

The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which...

8.8CVSS

8.9AI Score

0.0004EPSS

2024-06-24 01:52 PM
thn

Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool

Cybersecurity researchers have detailed a now-patched security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution. Tracked as CVE-2024-37032, the vulnerability has been codenamed Probllama by cloud...

10CVSS

8.1AI Score

EPSS

2024-06-24 01:52 PM
19
cvelist

CVE-2024-38664 drm: zynqmp_dpsub: Always register bridge

In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_dpsub: Always register bridge We must always register the DRM bridge, since zynqmp_dp_hpd_work_func calls drm_bridge_hpd_notify, which in turn expects hpd_mutex to be initialized. We do this before...

0.0004EPSS

2024-06-24 01:50 PM
4
vulnrichment

CVE-2024-38664 drm: zynqmp_dpsub: Always register bridge

In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_dpsub: Always register bridge We must always register the DRM bridge, since zynqmp_dp_hpd_work_func calls drm_bridge_hpd_notify, which in turn expects hpd_mutex to be initialized. We do this before...

6.8AI Score

0.0004EPSS

2024-06-24 01:50 PM
2
vulnrichment

CVE-2024-38384 blk-cgroup: fix list corruption from reorder of WRITE ->lqueued

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from reorder of WRITE ->lqueued __blkcg_rstat_flush() can be run anytime, especially when blk_cgroup_bio_start is being executed. If WRITE of ->lqueued is re-ordered with READ of 'bisc->lnod...

7.1AI Score

0.0004EPSS

2024-06-24 01:50 PM
cvelist

CVE-2024-38384 blk-cgroup: fix list corruption from reorder of WRITE ->lqueued

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from reorder of WRITE ->lqueued __blkcg_rstat_flush() can be run anytime, especially when blk_cgroup_bio_start is being executed. If WRITE of ->lqueued is re-ordered with READ of 'bisc->lnod...

0.0004EPSS

2024-06-24 01:50 PM
3
cvelist

CVE-2024-38663 blk-cgroup: fix list corruption from resetting io stat

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from resetting io stat Since commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()"), each iostat instance is added to blkcg percpu list, so blkcg_reset_stats() can't reset the stat...

0.0004EPSS

2024-06-24 01:50 PM
3
vulnrichment

CVE-2024-38663 blk-cgroup: fix list corruption from resetting io stat

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from resetting io stat Since commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()"), each iostat instance is added to blkcg percpu list, so blkcg_reset_stats() can't reset the stat...

7.1AI Score

0.0004EPSS

2024-06-24 01:50 PM
cve

CVE-2024-37231

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation. This issue affects Salon booking system: from n/a through...

8.6CVSS

8.6AI Score

0.0004EPSS

2024-06-24 01:15 PM
9
cve

CVE-2024-37233

Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Play.Ht: from n/a through...

4.3CVSS

4.8AI Score

0.0004EPSS

2024-06-24 01:15 PM
10
nvd

CVE-2024-37233

Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Play.Ht: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-24 01:15 PM
2
nvd

CVE-2024-37231

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation. This issue affects Salon booking system: from n/a through...

8.6CVSS

0.0004EPSS

2024-06-24 01:15 PM
4
nvd

CVE-2024-37228

Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection. This issue affects InstaWP Connect: from n/a through...

10CVSS

0.0004EPSS

2024-06-24 01:15 PM
2
cve

CVE-2024-37109

Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection. This issue affects WishList Member X: from n/a through...

9.9CVSS

9.7AI Score

0.0004EPSS

2024-06-24 01:15 PM
8
cve

CVE-2024-37111

Missing Authorization vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a through...

7.5CVSS

7.6AI Score

0.0004EPSS

2024-06-24 01:15 PM
9
cve

CVE-2024-37092

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion. This issue affects Consulting Elementor Widgets: from n/a through...

8.5CVSS

8.5AI Score

0.0004EPSS

2024-06-24 01:15 PM
7
cve

CVE-2024-37228

Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection. This issue affects InstaWP Connect: from n/a through...

10CVSS

9.7AI Score

0.0004EPSS

2024-06-24 01:15 PM
9
nvd

CVE-2024-37109

Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection. This issue affects WishList Member X: from n/a through...

9.9CVSS

0.0004EPSS

2024-06-24 01:15 PM
cve

CVE-2024-37107

Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation. This issue affects WishList Member X: from n/a through...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-06-24 01:15 PM
9
nvd

CVE-2024-37107

Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation. This issue affects WishList Member X: from n/a through...

8.8CVSS

0.0004EPSS

2024-06-24 01:15 PM
3
nvd

CVE-2024-37092

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion. This issue affects Consulting Elementor Widgets: from n/a through...

8.5CVSS

0.0004EPSS

2024-06-24 01:15 PM
nvd

CVE-2024-37111

Missing Authorization vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a through...

7.5CVSS

0.0004EPSS

2024-06-24 01:15 PM
1
cvelist

CVE-2024-37233 WordPress Play.ht plugin <= 3.6.4 - Broken Access Control vulnerability

Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Play.Ht: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-24 12:47 PM
3
cvelist

CVE-2024-37231 WordPress Salon booking system plugin <= 9.9 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation. This issue affects Salon booking system: from n/a through...

8.6CVSS

0.0004EPSS

2024-06-24 12:39 PM
3
vulnrichment

CVE-2024-37231 WordPress Salon booking system plugin <= 9.9 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation. This issue affects Salon booking system: from n/a through...

8.6CVSS

6.8AI Score

0.0004EPSS

2024-06-24 12:39 PM
2
cvelist

CVE-2024-37228 WordPress InstaWP Connect plugin <= 0.1.0.38 - Arbitrary File Upload vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection. This issue affects InstaWP Connect: from n/a through...

10CVSS

0.0004EPSS

2024-06-24 12:35 PM
3
vulnrichment

CVE-2024-37228 WordPress InstaWP Connect plugin <= 0.1.0.38 - Arbitrary File Upload vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection. This issue affects InstaWP Connect: from n/a through...

10CVSS

7.1AI Score

0.0004EPSS

2024-06-24 12:35 PM
hackread

LockBit Ransomware Claims 33 TB of US Federal Reserve Data for Ransom

LockBit ransomware claims to hold 33 TB of data from the US Federal Reserve for ransom. Hackread.com investigates, reaching out to CISA for comments on the breach and ongoing negotiations. Stay...

7.3AI Score

2024-06-24 12:34 PM
5
vulnrichment

CVE-2024-37111 WordPress WishList Member X plugin <= 3.25.1 - Unauthenticated Denial of Service Attack vulnerability

Missing Authorization vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a through...

7.5CVSS

7AI Score

0.0004EPSS

2024-06-24 12:31 PM
1
cvelist

CVE-2024-37111 WordPress WishList Member X plugin <= 3.25.1 - Unauthenticated Denial of Service Attack vulnerability

Missing Authorization vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a through...

7.5CVSS

0.0004EPSS

2024-06-24 12:31 PM
2
Total number of security vulnerabilities: 888968