CVE-2024-48876
In the Linux kernel, the following vulnerability has been resolved: stackdepot: fix stack_depot_save_flags() in NMI context. Per documentation, stack_depot_save_flags() was meant to be usable from NMI context if STACK_DEPOT_FLAG_CAN_ALLOC is unset. However, it still would try to take the pool_lock in an attempt ...
CVE-2025-22596 WeGIA has a Cross-Site Scripting (XSS) Reflected endpoint 'modulos_visiveis.php' parameter 'msg_c'
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the modulos_visiveis.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.14.44 bug fix and security update
Red Hat OpenShift Container Platform release 4.14.44 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...
Moderate: Red Hat Security Advisory: tuned security update
An update for tuned is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
CVE-2024-11907
creationtimestamp| type| source
---|---|---
2025-01-09 11:15:35+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfckgg5jsv27
2025-01-09 11:29:42+00:00| seen| https://infosec.exchange/users/cve/statuses/113798164145069141
2025-01-09 12:16:11+00:00| seen|...
Important: Red Hat Security Advisory: iperf3 security update
An update for iperf3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
CVE-2024-11350 AdForest <= 5.1.6 - Privilege Escalation via Password Reset/Account Takeover
The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's identity prior to updating their password through the adforest_reset_password() function. This makes it...
CVE-2024-12440
creationtimestamp| type| source
---|---|---
2025-01-07 05:37:45+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/332
2025-01-07 06:03:52+00:00| seen| https://infosec.exchange/users/cve/statuses/113785558250577517
2025-01-07 06:16:14+00:00| seen|...
CVE-2024-11377
The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-33059 Use After Free in Computer Vision
Memory corruption while processing frame command IOCTL calls...
CVE-2024-56678
In the Linux kernel, the following vulnerability has been resolved: powerpc/mm/fault: Fix kfence page fault reporting. copy_from_kernel_nofault() can be called when doing read of /proc/kcore. /proc/kcore can have some unmapped kfence objects which when read via copy_from_kernel_nofault() can cause page...
CVE-2024-56507
CVE-2024-56507: A reflected Cross-Site Scripting (XSS) vulnerability exists in LinkAce prior to version 1.15.6, specifically in the Edit Link module’s URL field where input is reflected in the HTML response. The issue allows injection and execution of arbitrary JavaScript in a victim’s browser, ...
CVE-2024-56673
creationtimestamp| type| source
---|---|---
2024-12-27 15:21:04+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lecc33vgwu2c
2024-12-27 16:50:52+00:00| seen| https://t.me/cvedetector/13764
2025-01-06 15:37:42+00:00| published-proof-of-concept|...
CVE-2024-56672
creationtimestamp| type| source
---|---|---
2024-12-27 15:21:01+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lecc2z3o352f
2024-12-27 16:50:49+00:00| seen| https://t.me/cvedetector/13761
2025-04-12 00:10:16+00:00| seen|...
CVE-2024-56619
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry(). Syzbot reported that when searching for records in a directory where the inode's i_size is corrupted and has a large value, memory access outside the folio/page...
CVE-2024-56651
In the Linux kernel, the following vulnerability has been resolved: can: hi311x: hi3110_can_ist(): fix potential use-after-free. The commit a22bd630cfff "can: hi311x: do not report txerr and rxerr during bus-off" removed the reporting of rxerr and txerr even in case of correct operation i.e. not...
CVE-2024-53232
In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Implement blocking domain. This fixes a crash when surprise hot-unplugging a PCI device. This crash happens because during hot-unplug __iommu_group_set_domain_nofail() attaching the default domain fails when the platform no...
CVE-2024-53205 phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe
In the Linux kernel, the following vulnerability has been resolved: phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe. In rtk_usb2phy_probe() devm_kzalloc() may return NULL but this returned value is not checked...
CVE-2024-53191
CVE-2024-53191 affects the Linux kernel, specifically the ath12k driver for WLAN (PCI/PCIE path). The issue arises when an initialization error during firmware handling leaves buffers dp->tx_ring[i].tx_status released, but they are freed again during device unbinding (ath12k_pci_remove), causi...
CVE-2024-53165 sh: intc: Fix use-after-free bug in register_intc_controller()
In the Linux kernel, the following vulnerability has been resolved: sh: intc: Fix use-after-free bug in register_intc_controller(). In the error handling for this function, d is freed without ever removing it from intc_list, which would lead to a use after free. To fix this, let's only add it to the lis...