CVE-2024-43253 WordPress Smart Online Order for Clover plugin <= 1.5.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders.This issue affects Smart Online Order for Clover: from n/a through = 1.5.6...

CVE-2024-43923 WordPress Timetics plugin <= 1.0.23 - Broken Access Control vulnerability

Missing Authorization vulnerability in Arraytics Timetics allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Timetics: from n/a through 1.0.23...

CVE-2024-43979

CVE-2024-43979 is a Missing Authorization vulnerability in CozyThemes Blockbooster for WordPress. The flaw affects Blockbooster versions

CVE-2024-43998

CVE-2024-43998 : Blogpoet theme has a Missing Authorization (ACL) vulnerability that lets an unauthenticated actor access functions not properly constrained by ACLs in Blogpoet versions n/a–1.0.3. The credible connected documents describe the root cause as missing authorization around plugin/feat...

CVE-2024-47321

CVE-2024-47321 affects WordPress WP Datepicker

CVE-2024-10654 TOTOLINK LR350 formLoginAuth.htm authorization

A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be...

JetBrains YouTrack < 2024.3.47707 Multiple Vulnerabilities

The version of JetBrains YouTrack installed on the remote host is prior to 2024.3.47707. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory. - Potential ReDoS exploit was possible via email header parsing in Helpdesk functionality CVE-2024-50574 - Reflecte...

CVE-2024-48311

CVE-2024-48311 affects Piwigo v14.5.0 and is a Cross-Site Request Forgery (CSRF) vulnerability via the Edit album function. The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) yields a base score of 8.8 (HIGH). The available connected documents confirm the flaw is in Piwigo 14.5.0 and desc...

PT-2025-23521 · Hewlett Packard · Hpe Storeonce

Name of the Vulnerable Software and Affected Versions: HPE StoreOnce Software affected versions not specified Description: A directory traversal information disclosure issue exists. This allows for potential information disclosure due to directory traversal vulnerabilities in the getServerPayload...

CVE-2024-24777

A cross-site request forgery CSRF vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious web page to trigger this vulnerability...

CVE-2024-50574

In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality...

CVE-2024-50574

In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality...

CVE-2024-50574

In JetBrains YouTrack before 2024.3.47707 potential ReDoS exploit was possible via email header parsing in Helpdesk functionality...

CVE-2024-50574

JetBrains YouTrack before 2024.3.47707 is affected by CVE-2024-50574: a potential ReDoS via email header parsing in Helpdesk. The issue is described in multiple sources as a denial of service risk with availability impact (per CVSS notes: HIGH). No explicit exploit details or active exploit statu...

The vulnerability of the OSB Core Functionality component of the integration platform for managing, routing, and processing messages between applications and services in Oracle Service Bus (OSB) allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the OSB Core Functionality component of the integration platform for managing, routing, and processing messages between applications and services in Oracle Service Bus is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an...

NVIDIA D3D10 Driver Shader Functionality LD instruction out-of-bounds read vulnerability

Talos Vulnerability Report TALOS-2024-2012 NVIDIA D3D10 Driver Shader Functionality LD instruction out-of-bounds read vulnerability October 23, 2024 CVE Number CVE-2024-0117 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality functionality of NVIDIA D3D10 Driver 555.99,...

NVIDIA D3D10 Driver Shader Functionality out-of-bounds read vulnerability due to excessive loop iteration

Talos Vulnerability Report TALOS-2024-2013 NVIDIA D3D10 Driver Shader Functionality out-of-bounds read vulnerability due to excessive loop iteration October 23, 2024 CVE Number CVE-2024-0118 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality functionality of NVIDIA D3D...

NVIDIA D3D10 Driver Shader Functionality MOV instruction out-of-bounds read vulnerability

Talos Vulnerability Report TALOS-2024-2015 NVIDIA D3D10 Driver Shader Functionality MOV instruction out-of-bounds read vulnerability October 23, 2024 CVE Number CVE-2024-0119 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality functionality of NVIDIA D3D10 Driver 555.99...

NVIDIA D3D10 Driver Shader Functionality STORE_STRUCTURED instruction out-of-bounds read vulnerability

Talos Vulnerability Report TALOS-2024-2014 NVIDIA D3D10 Driver Shader Functionality STORESTRUCTURED instruction out-of-bounds read vulnerability October 23, 2024 CVE Number CVE-2024-0120 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality functionality of NVIDIA D3D10...

NVIDIA D3D10 Driver Shader Functionality SAMPLE out-of-bounds read vulnerability

Talos Vulnerability Report TALOS-2024-1955 NVIDIA D3D10 Driver Shader Functionality SAMPLE out-of-bounds read vulnerability October 23, 2024 CVE Number CVE-2024-0121 SUMMARY An out-of-bounds read vulnerability exists in the Shader Functionality SAMPLE instruction of NVIDIA D3D10 Driver NVIDIA D3D...