CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4643 matches found

Cvelist•added 2024/08/21 5:30 a.m.•29 views

CVE-2024-7647 OTA Sync Booking Engine Widget 1.2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The OTA Sync Booking Engine Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. This is due to missing or incorrect nonce validation on the otasyncwidgetsettingsfnc function. This makes it possible for unauthenticated attackers to...

6.1CVSS0.00214EPSS

Exploits0References4

Vulnrichment•added 2024/08/21 5:30 a.m.•10 views

CVE-2024-7647 OTA Sync Booking Engine Widget 1.2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1CVSS6.5AI score0.00214EPSS

Exploits0References2

Patchstack•added 2024/08/21 1:52 a.m.•3 views

WordPress OTA Sync Booking Engine Widget plugin <= 1.2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Ala Arfaoui in WordPress Plugin OTA Sync Booking Engine Widget versions = 1.2.7...

6.1CVSS5.9AI score0.00214EPSS

Exploits0References1Affected Software1

CNNVD•added 2024/08/21 12:0 a.m.•2 views

WordPress plugin OTA Sync Booking Engine Widget 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.1CVSS6.6AI score0.00214EPSS

Exploits0References3

Patchstack•added 2024/08/21 12:0 a.m.•13 views

WordPress OTA Sync Booking Engine Widget Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software OTA Sync Booking Engine Widget Type Plugin Vulnerable versions = 1.2.7 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7647 Patch priority Low CVSS severity Low 6.1 Developer Claim ownership PSID d35ee6f2779f Credits Ala...

6.1CVSS6.7AI score0.00214EPSS

Exploits0References2Affected Software1

BDU FSTEC•added 2024/08/21 12:0 a.m.•4 views

The vulnerability of the cancel_work_sync() function in the appletouch component of the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the cancelworksync function in the appletouch component of the Linux operating system’s kernel is related to improper initialization of dev-work after the inputregisterdevice call. Exploiting this vulnerability could allow a malicious actor to cause a service failure...

5.5CVSS6.1AI score0.00228EPSS

Exploits0References23Affected Software2

AlpineLinux•added 2024/08/20 2:50 p.m.•5 views

CVE-2024-43397

Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit enables them to modify a namespace without the necessary permissions. The issue was addressed wit...

4.3CVSS5.9AI score0.00349EPSS

Exploits0References4

RedhatCVE•added 2024/08/19 3:16 p.m.•31 views

CVE-2024-42268

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix missing lock on sync reset reload On sync reset reload work, when remote host updates devlink on reload actions performed on that host, it misses taking devlink lock before calling devlinkremotereloadactionsperforme...

5.5CVSS7.3AI score0.00172EPSS

Exploits0References4

RedhatCVE•added 2024/08/19 1:45 p.m.•20 views

CVE-2024-43820

In the Linux kernel, the following vulnerability has been resolved: dm-raid: Fix WARNONONCE check for syncthread in raidresume rm-raid devices will occasionally trigger the following warning when being resumed after a table load because DMRECOVERYRUNNING is set: WARNING: CPU: 7 PID: 5660 at...

4.4CVSS6.3AI score0.00196EPSS

Exploits0References4

SUSE CVE•added 2024/08/18 2:3 a.m.•2 views

SUSE CVE-2024-42260

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Validate passed in drm syncobj handles in the performance extension If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well. Fix it by checking...

5.5CVSS7.7AI score0.00196EPSS

Exploits0References3

SUSE CVE•added 2024/08/18 2:2 a.m.•1 views

SUSE CVE-2024-42262

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix potential memory leak in the performance extension If fetching of userspace memory fails during the main loop, all drm sync objs looked up until that point will be leaked because of the missing drmsyncobjput. Fix it ...

3.3CVSS7.6AI score0.00196EPSS

Exploits0References3

SUSE CVE•added 2024/08/18 2:2 a.m.•1 views

SUSE CVE-2024-42263

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Fix potential memory leak in the timestamp extension If fetching of userspace memory fails during the main loop, all drm sync objs looked up until that point will be leaked because of the missing drmsyncobjput. Fix it by...

3.3CVSS7.6AI score0.00196EPSS

Exploits0References3

SUSE CVE•added 2024/08/18 2:2 a.m.•2 views

SUSE CVE-2024-42290

In the Linux kernel, the following vulnerability has been resolved: irqchip/imx-irqsteer: Handle runtime power management correctly The power domain is automatically activated from clkprepare. However, on certain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes sleeping function...

5.5CVSS6.4AI score0.00231EPSS

Exploits0References10

SUSE CVE•added 2024/08/18 2:1 a.m.•1 views

SUSE CVE-2024-43820

5.5CVSS7.2AI score0.00196EPSS

Exploits0References16