299 matches found
CVE-2024-34732
In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-40405
Incorrect access control in Cybele Software Thinfinity Workspace before v7.0.3.109 allows attackers to gain access to a secondary broker via a crafted request...
CVE-2023-40292
Harman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets...
CVE-2023-38441
In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges...
CVE-2022-4239
The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreapaddonsserviceremove action, allowing any user to delete any post by knowing or guessing the id...
CVE-2022-36514
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function WanModeSetMultiWan...
CVE-2022-36501
H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateSnat...
CVE-2019-9910
The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS...
CVE-2025-4949
A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues via parsing XML files...
CVE-2025-37969
No description is available for this CVE...
CVE-2025-45862
creationtimestamp| type| source ---|---|--- 2025-05-20 15:13:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lpmerozy2w2h...
CVE-2025-48237
CVE-2025-48237 is a Stored Cross-Site Scripting (XSS) vulnerability in the Wishlist for WooCommerce plugin for WordPress, affecting versions up to 3.2.2 (and possibly earlier). The issue arises from improper input neutralization during web page generation, enabling stored XSS. CVSS v3.1 base scor...
CVE-2024-6718 PVN Auth Popup <= 1.0.0 - Contributor+ XSS via Shortcode
The PVN Auth Popup WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-28954
CVE-2024-28954 involves Intel graphics installers with incorrect default permissions that may allow an authenticated user to escalate privileges locally. Affected software spans Intel® 7th–10th Gen Windows Graphics drivers, Intel® Arc™ & Iris® Xe Windows drivers, and the Intel® Data Center GPU Fl...
CVE-2025-4535
creationtimestamp| type| source ---|---|--- 2025-05-11 08:27:49+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/15924 2025-05-11 08:37:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lov2hgcj6g2o 2025-05-11 10:13:33+00:00| seen|...
CVE-2025-37864
In the Linux kernel, the following vulnerability has been resolved: net: dsa: clean up FDB, MDB, VLAN entries on unbind As explained in many places such as commit b117e1e8a86d "net: dsa: delete dsalegacyfdbadd and dsalegacyfdbdel", DSA is written given the assumption that higher layers have...
CVE-2025-4441
creationtimestamp| type| source ---|---|--- 2025-05-08 23:24:04+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/15640 2025-05-08 23:28:17+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lop2slhdho42 2025-05-09...
CVE-2025-33093
creationtimestamp| type| source ---|---|--- 2025-05-07 11:22:08+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/15290 2025-05-07 12:21:47+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114466521491649706 2025-05-07 12:26:34+00:00| seen|...
CVE-2025-20954
Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability...
CVE-2025-26262
creationtimestamp| type| source ---|---|--- 2025-05-06 18:21:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lojis5wt6a2h 2025-05-06 20:20:18+00:00| seen| https://t.me/cvedetector/24626...