CVE-2024-47574

creationtimestamp| type| source ---|---|--- 2024-11-12 19:25:41+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113471621703891497 2024-11-13 11:20:15+00:00| seen| https://infosec.exchange/users/cve/statuses/113475375268943677 2024-11-13 13:51:48+00:00| seen|...

CVE-2023-40457

creationtimestamp| type| source ---|---|--- 2024-11-10 23:56:49+00:00| seen| https://infosec.exchange/users/cve/statuses/113461363258758461 2024-11-11 01:52:52+00:00| seen| https://t.me/cvedetector/10445...

CVE-2024-50593

creationtimestamp| type| source ---|---|--- 2024-11-08 12:10:58+00:00| seen| https://infosec.exchange/users/cve/statuses/113447263150943448 2024-11-08 13:50:39+00:00| seen| https://t.me/cvedetector/10193...

CVE-2024-50138

In the Linux kernel, the following vulnerability has been resolved: bpf: Use rawspinlockt in ringbuf The function bpfringbufreserve is invoked from a tracepoint, which disables preemption. Using spinlockt in this context can lead to a "sleep in atomic" warning in the RT variant. This issue is...

CVE-2024-21191

...

WordPress plugin Elementor Addon Elements 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

"@cosme" App fails to restrict custom URL schemes properly

Overview "@cosme" App provided by istyle Inc. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Pantuhong Sorasiri of LAC Co., Ltd. reported this...

CVE-2022-48936

...

CVE-2024-30949

An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the gettimeofday function...

CVE-2024-36137

A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner...

CVE-2024-21129

...

CVE-2024-5213

In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login POST /api/request-token and after account creations POST /api/admin/users/new. This exposure occurs because the entire User object,...

CVE-2024-326181

No description is available for this CVE...

CVE-2024-326145

No description is available for this CVE...

CVE-2024-326092

No description is available for this CVE...

CVE-2022-48690

In the Linux kernel, the following vulnerability has been resolved: ice: Fix DMA mappings leak Fix leak, when user changes ring parameters. During reallocation of RX buffers, new DMA mappings are created for those buffers. New buffers with different RX ring count should substitute older ones, but...

CVE-2022-48687

An out-of-bounds read flaw was found when setting HMAC data in net/ipv6/seg6.c in the Linux kernel. This issue may lead to a crash...

CVE-2024-26922

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpuvmbomap/replacemap/clearingmappings in one common place...

Authentication flaw

A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system...

CVE-2023-22052

...