259 matches found
CVE-2024-41082 nvme-fabrics: use reserved tag for reg read/write command
In the Linux kernel, the following vulnerability has been resolved: nvme-fabrics: use reserved tag for reg read/write command. In some scenarios, if too many commands are issued by nvme command in the same time by user tasks, this may exhaust all tags of admin_q. If a reset (nvme reset or IO timeout...
SUSE CVE-2022-48804
In the Linux kernel, the following vulnerability has been resolved: vt_ioctl: fix array_index_nospec in vt_setactivate. array_index_nospec ensures that an out-of-bounds value is set to zero on the transient path. Decreasing the value by one afterwards causes a transient integer underflow. vsa.console...
Malicious code in sap-activate (npm)
Source: ossf-package-analysis (5924dc60c4c96949c7f4deaaefa269b7331fd9c71a59cb34f477e7936c21e65a). The OpenSSF Package Analysis project identified 'sap-activate' @ 0.0.0 (npm) as malicious. It is considered malicious because: - The package...
MAL-2024-7490 Malicious code in sap-activate (npm)
Source: ossf-package-analysis (5924dc60c4c96949c7f4deaaefa269b7331fd9c71a59cb34f477e7936c21e65a). The OpenSSF Package Analysis project identified 'sap-activate' @ 0.0.0 (npm) as malicious. It is considered malicious because: - The package...
PT-2024-36999 · Woocommerce · Xplainer - Woocommerce Product Faq
Name of the Vulnerable Software and Affected Versions: The XPlainer – WooCommerce Product FAQ WooCommerce Accordion FAQ Plugin versions up to, and including, 1.6.4 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify data without proper...
A vulnerability in the /api/v1/users/{user_name_or_id}/activate API endpoint of the ZenML machine learning pipeline creation framework allows an attacker to elevate their privileges.
The vulnerability in the /api/v1/users/{user_name_or_id}/activate API endpoint of the ZenML machine learning pipeline creation framework is related to deficiencies in the access control mechanism. Exploiting this vulnerability could allow an attacker to...
TYPO3 Security Vulnerabilities
TYPO3 is a free and open source content management system framework (CMS/CMF) from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 versions prior to 8.3.8, and 9.x versions prior to 9.0.6, which stems from the presence of an insecure direct object reference (IDOR) vulnerability,...
CVE-2024-4661
The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the val...
CVE-2024-4661
CVE-2024-4661 (WP Reset) – WordPress Plugin. Vulnerability due to missing capability check in the save_ajax function across versions up to 2.02, enabling authenticated users with subscriber-level access and above to modify the value of the “License Key” field under the Activate Pro License setti...
WordPress Clever Fox plugin <= 25.2.0 - Missing Authorization to arbitrary theme activation via clever-fox-activate-theme vulnerability
Missing Authorization to arbitrary theme activation via clever-fox-activate-theme vulnerability discovered by Lucio Sá in WordPress Plugin Clever Fox versions <= 25.2.0...
PT-2024-15112 · Nayra Themes · The Clever Fox – One Click Website Importer
Name of the Vulnerable Software and Affected Versions: The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress versions up to, and including, 25.2.0 Description: The issue is related to a missing capability check on the clever-fox-activate-theme function, allowing...
SUSE CVE-2023-52668
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix lock ordering in btrfs_zone_activate. The btrfs CI reported a lockdep warning as follows by running generic generic/129. WARNING: possible circular locking dependency detected 6.7.0-rc5+ #1 Not tainted...
UBUNTU-CVE-2023-52668
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix lock ordering in btrfs_zone_activate. The btrfs CI reported a lockdep warning as follows by running generic generic/129. WARNING: possible circular locking dependency detected 6.7.0-rc5+ #1 Not tainted...
AZL-42195 CVE-2024-27012 affecting package kernel for versions less than 6.6.57.1-1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: restore set elements when delete set fails. From abort path, nft_mapelem_activate needs to restore refcounters to the original state. Currently, it uses the set-ops-walk to iterate over these set elements. The...
CVE-2024-27012 netfilter: nf_tables: restore set elements when delete set fails
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: restore set elements when delete set fails. From abort path, nft_mapelem_activate needs to restore refcounters to the original state. Currently, it uses the set-ops-walk to iterate over these set elements. The...
SourceCodester Airline Ticket Reservation System SQL Injection Vulnerability
Airline Ticket Reservation System is a ticket reservation system. A SQL injection vulnerability exists in SourceCodester Airline Ticket Reservation System version 1.0, which is caused by a SQL injection vulnerability in the jetid parameter of the activatejetdetailsformhandler.php file...
Exploit for Path Traversal in Aiohttp
CVE-2024-23334-PoC A proof of concept of the path traversal vu...
PT-2024-19622 · WordPress · Backuply
Name of the Vulnerable Software and Affected Versions: The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress versions up to, and including, 1.2.7 Description: The issue allows attackers with an account that has only the activate plugins capability to access arbitrary files on the...
CVE-2024-1870
The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for authenticated attackers, with subscriber access ...