
6043 matches found

OSV
added 2024/09/04 8:15 p.m. · 1 view

DEBIAN-CVE-2024-45008

In the Linux kernel, the following vulnerability has been resolved: Input: MT - limit max slots. syzbot is reporting too large allocation at input_mt_init_slots(), for num_slots is supplied from userspace using ioctl(UI_DEV_CREATE). Since nobody knows possible max slots, this patch chose 1024...

CVSS 5.5 · AI score 5.6 · EPSS 0.00237
Exploits 0 · References 1
OSV
added 2024/09/04 8:15 p.m. · 0 views

UBUNTU-CVE-2024-45008

In the Linux kernel, the following vulnerability has been resolved: Input: MT - limit max slots. syzbot is reporting too large allocation at input_mt_init_slots(), for num_slots is supplied from userspace using ioctl(UI_DEV_CREATE). Since nobody knows possible max slots, this patch chose 1024...

CVSS 5.5 · AI score 6.2 · EPSS 0.00237
Exploits 0 · References 27
RedHat Linux
added 2024/09/04 7:24 a.m. · 4 views

kernel: mm/slub: fix to return errno if kmalloc() fails

In the Linux kernel, the following vulnerability has been resolved: mm/slub: fix to return errno if kmalloc() fails. In create_unique_id(), kmalloc(, GFP_KERNEL) can fail due to out-of-memory, if it fails, return errno correctly rather than triggering panic via BUG_ON(); kernel BUG at mm/slub.c:5893! Internal...

CVSS 5.5 · AI score 6.8 · EPSS 0.00241
Exploits 0 · References 5
RedHat Linux
added 2024/09/04 7:24 a.m. · 4 views

kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE

In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE. bpf_prog_attach uses attach_type_to_prog_type to enforce proper attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses bpf_prog_get and relies on...

CVSS 5.5 · AI score 6.8 · EPSS 0.00228
Exploits 0 · References 5
CNNVD
added 2024/09/04 12:0 a.m. · 7 views

WordPress plugin MultiVendorX security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 9.8 · AI score 6.9 · EPSS 0.01255
Exploits 0 · References 6
Packet Storm
added 2024/09/02 12:0 a.m. · 284 views

Free Hospital Management System For Small Practices 1.0 CSRF

Title: Vaidya-Mitra v 1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 125.0.1 64 bits |...

AI score 7.4
Exploits 0
Packet Storm
added 2024/08/31 12:0 a.m. · 150 views

AD CS Certificate Template Management

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AD CS Certificate Template Management', 'Description' = %q This module can create, read, update, and delete AD CS certificate templates from a...

AI score 7.4
Exploits 0
OSV
added 2024/08/30 5:18 p.m. · 18 views

GO-2024-3096 Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server

Mattermost allows remote/synthetic users to create sessions, reset passwords in github.com/mattermost/mattermost-server...

CVSS 6.5 · AI score 5.5 · EPSS 0.00261
Exploits 0 · References 3
Positive Technologies
added 2024/08/29 12:0 a.m. · 3 views

PT-2024-38922 · Feehicms · Feehicms

Name of the Vulnerable Software and Affected Versions: FeehiCMS versions up to 2.1.1 Description: A critical issue has been found in FeehiCMS, affecting the createBanner function of the file /admin/index.php?r=banner%2Fbanner-create. The manipulation of the argument BannerFormimg leads to...

CVSS 9.8 · AI score 6.5 · EPSS 0.00756
Exploits 1 · References 14
CNNVD
added 2024/08/29 12:0 a.m. · 2 views

FeehiCMS code issue vulnerability

FeehiCMS is a content management system (CMS) based on the Yii2 framework, aiming to provide Yii2 enthusiasts with a full-featured CMS system so that developers can focus more on the development of business functions. A security vulnerability exists in FeehiCMS. The vulnerability is related to the...

CVSS 9.8 · AI score 7.1 · EPSS 0.00756
Exploits 1 · References 5
CNNVD
added 2024/08/29 12:0 a.m. · 3 views

FeehiCMS code issue vulnerability

FeehiCMS is a PHP-based CMS website builder by Liufee, an individual developer. A code issue vulnerability exists in FeehiCMS version 2.1.1 and prior versions, which originates from an unverified file upload vulnerability in the Useravatar parameter of the /admin/index.php?r=user%2Fcreate file...

CVSS 9.8 · AI score 6.5 · EPSS 0.00756
Exploits 1 · References 5
RedHat Linux
added 2024/08/28 11:46 a.m. · 8 views

postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks

A flaw was found in PostgreSQL. Missing authorization in the built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the...

CVSS 4.3 · AI score 7.3 · EPSS 0.00722
Exploits 0 · References 5
CNNVD
added 2024/08/28 12:0 a.m. · 3 views

RuoYi security vulnerability

RuoYi is a back-end management system by the individual developer of RuoYi in China. A security vulnerability exists in RuoYi v4.7.9, which is caused by a cross-site scripting (XSS) vulnerability in the sql parameter of the createTable function at /tool/gen/create...

CVSS 6.1 · AI score 5.8 · EPSS 0.00341
Exploits 3 · References 3
Veracode
added 2024/08/27 7:12 a.m. · 9 views

Cross Site Scripting (XSS)

fastapi-admin is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient validation of the Product Name parameter in the Config-Create function, allowing attackers to inject and execute arbitrary web scripts or HTML...

CVSS 6.1 · AI score 6.5 · EPSS 0.0027
Exploits 0 · References 3 · Affected Software 1
Veracode
added 2024/08/27 7:12 a.m. · 12 views

Cross Site Scripting

fastapi-admin is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient validation and sanitization of the Product Name parameter in the Create Product function, which allows attackers to inject and execute arbitrary web scripts or HTML...

CVSS 6.1 · AI score 6.5 · EPSS 0.0027
Exploits 0 · References 3 · Affected Software 1
NVD
added 2024/08/26 9:15 p.m. · 21 views

CVE-2024-43264

Insertion of Sensitive Information Into Sent Data vulnerability in mischiefmarmot Create by Mediavine mediavine-create. This issue affects Create by Mediavine: from n/a through = 1.9.8...

CVSS 7.5 · EPSS 0.0037
Exploits 0 · References 1
OSV
added 2024/08/26 9:15 p.m. · 3 views

CVE-2024-43264

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mediavine Create by Mediavine. This issue affects Create by Mediavine: from n/a through 1.9.8...

CVSS 7.5 · AI score 5.8 · EPSS 0.0037
Exploits 0 · References 1
CVE
added 2024/08/26 8:12 p.m. · 63 views

CVE-2024-43264

CVE-2024-43264 describes an Exposure of Sensitive Information to an Unauthorized Actor in the Mediavine Create WordPress plugin. Affected versions are Create by Mediavine up to 1.9.8 (inclusive). The connected sources confirm an unauthenticated exposure of sensitive data and identify the affected...

CVSS 7.5 · AI score 5.9 · EPSS 0.0037
Exploits 0 · References 1 · Affected Software 1
OSV
added 2024/08/26 6:33 p.m. · 13 views

GHSA-22XM-W7R2-834Q FastAPI Admin cross-site scripting (XSS) vulnerability in the Create Product function

A cross-site scripting (XSS) vulnerability in the Create Product function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter...

CVSS 6.1 · AI score 5.9 · EPSS 0.0027
Exploits 0 · References 4
Github Security Blog
added 2024/08/26 6:33 p.m. · 16 views

FastAPI Admin cross-site scripting (XSS) vulnerability in the Create Product function

A cross-site scripting (XSS) vulnerability in the Create Product function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter...

CVSS 6.1 · AI score 5.7 · EPSS 0.0027
Exploits 0 · References 4 · Affected Software 1