Lucene search
4658 matches found

Cvelist
added 2024/05/06 6:28 p.m. | 27 views

CVE-2024-34375 WordPress Sheets to WP Table Live Sync plugin <= 3.7.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPPOOL Sheets To WP Table Live Sync allows Stored XSS. This issue affects Sheets To WP Table Live Sync: from n/a through 3.7.0...

CVSS 5.9 | AI score 6.3 | EPSS 0.00359
Exploits: 0 | References: 1

Microsoft Security Update
added 2024/05/06 4:0 p.m. | 10 views

Azure File Sync Agent v18.0 Release – May 2024 (KB5023057)

Update for Azure File Sync agent version 18.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

AI score 7.3
Exploits: 0

Microsoft Security Update
added 2024/05/06 4:0 p.m. | 14 views

Azure File Sync Agent v18.0 Release – May 2024 (KB5023057)

Update for Azure File Sync agent version 18.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

AI score 7.3
Exploits: 0

Microsoft Security Update
added 2024/05/06 4:0 p.m. | 12 views

Azure File Sync Agent v18.0 Release – May 2024 (KB5023057)

Update for Azure File Sync agent version 18.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

AI score 7.3
Exploits: 0

CNNVD
added 2024/05/06 12:0 a.m. | 2 views

WordPress plugin Sheets To WP Table Live Sync cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...

CVSS 5.9 | AI score 5.9 | EPSS 0.00359
Exploits: 0 | References: 2

Patchstack
added 2024/05/03 1:37 p.m. | 4 views

WordPress Sheets to WP Table Live Sync plugin <= 3.7.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Manab Jyoti Dowarah (Patchstack Alliance) in WordPress Plugin FlexTable (versions <= 3.7.0)...

CVSS 5.9 | AI score 6.1 | EPSS 0.00359
Exploits: 0 | Affected Software: 1

Patchstack
added 2024/05/03 12:0 a.m. | 9 views

WordPress Sheets To WP Table Live Sync Plugin <= 3.7.0 is vulnerable to Cross Site Scripting (XSS)

Software: Sheets To WP Table Live Sync | Type: Plugin | Vulnerable versions: <= 3.7.0 | Fixed in: 3.7.1 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-34375 | Patch priority: Low | CVSS severity: Low (5.9) | Developer: Claim ownership | PSID: 592f4fe7fc70 | Credits: Manab Jyoti Dowarah...

CVSS 5.9 | AI score 6.6 | EPSS 0.00359
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2024/05/01 1:15 p.m. | 2 views

DEBIAN-CVE-2024-27052

In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: add cancel_work_sync for c2hcmd_work. The workqueue might still be running, when the driver is stopped. To avoid a use-after-free, call cancel_work_sync in rtl8xxxu_stop...

CVSS 7.4 | AI score 5.6 | EPSS 0.0029
Exploits: 0 | References: 1

OSV
added 2024/05/01 1:15 p.m. | 4 views

UBUNTU-CVE-2024-27052

In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: add cancel_work_sync for c2hcmd_work. The workqueue might still be running, when the driver is stopped. To avoid a use-after-free, call cancel_work_sync in rtl8xxxu_stop...

CVSS 7.4 | AI score 6.2 | EPSS 0.0029
Exploits: 0 | References: 25

Fedora
added 2024/05/01 1:38 a.m. | 35 views

[SECURITY] Fedora 38 Update: nextcloud-28.0.4-2.fc38

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...

CVSS 3.7 | AI score 4.4 | EPSS 0.00452
Exploits: 0

RedHat Linux
added 2024/04/30 10:11 a.m. | 2 views

xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation if the server runs with extended privileges, or...

CVSS 7.8 | AI score 6.3 | EPSS 0.01229
Exploits: 0 | References: 4

RedHat Linux
added 2024/04/30 9:57 a.m. | 5 views

kernel: drm/i915: mark requests for GuC virtual engines to avoid use-after-free

A use-after-free vulnerability was found in the Linux kernel Intel i915 graphics driver's GuC virtual engine request handling. A local user with access to GPU rendering can create requests on GuC virtual engines and trap references via sync_file or dmabuf, causing fence release operations to acces...

CVSS 7.8 | AI score 7.2 | EPSS 0.00156
Exploits: 0 | References: 5

RedHat Linux
added 2024/04/30 9:57 a.m. | 3 views

kernel: Bluetooth: hci_conn: Fix crash on hci_create_cis_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix crash on hci_create_cis_sync. When attempting to connect multiple ISO sockets without using DEFER_SETUP may result in the following crash: BUG: KASAN: null-ptr-deref in hci_create_cis_sync+0x18b/0x2b0 Read of size...

CVSS 5.5 | AI score 6.8 | EPSS 0.0015
Exploits: 0 | References: 5

RedHat Linux
added 2024/04/30 9:57 a.m. | 4 views

kernel: Bluetooth: Fix race condition in hci_cmd_sync_clear

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hci_cmd_sync_clear. There is a potential race condition in hci_cmd_sync_work and hci_cmd_sync_clear, and could lead to use-after-free. For instance, hci_cmd_sync_work is added to the 'req_workqueue' after...

CVSS 4.7 | AI score 6.4 | EPSS 0.00109
Exploits: 0 | References: 5

Veracode
added 2024/04/30 8:6 a.m. | 18 views

Privilege Escalation

couchbase is vulnerable to Privilege Escalation. The vulnerability is due to improper verification of admin credentials when Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, which could result in privilege escalation for unauthenticated users...

CVSS 9.8 | AI score 7.6 | EPSS 0.00763
Exploits: 0 | References: 5 | Affected Software: 1

Positive Technologies
added 2024/04/26 12:0 a.m. | 5 views

PT-2024-9916 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the pm_runtime_get_sync function in the mtk-cmdq component of the Linux kernel. The problem arises from the lack of return value checking of this function. When...

CVSS 9.8 | AI score 6.5 | EPSS 0.02701
Exploits: 3 | References: 704

NVD
added 2024/04/19 3:15 p.m. | 24 views

CVE-2024-32644

Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a transaction. The exploit ...

CVSS 9.1 | AI score 9.2 | EPSS 0.00943
Exploits: 0 | References: 3

SUSE CVE
added 2024/04/19 2:18 a.m. | 8 views

SUSE CVE-2024-26846

In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module. The module exit path has race between deleting all controllers and freeing 'left over IDs'. To prevent double free a synchronization between nvme_delete_ctrl and ida_destroy has bee...

CVSS 4.4 | AI score 6.6 | EPSS 0.00218
Exploits: 0 | References: 20

BDU FSTEC
added 2024/04/19 12:0 a.m. | 4 views

The vulnerability in the embedded Jetty server of the CData Sync integration and replication tool allows a perpetrator to gain unauthorized access to protected information and perform arbitrary actions within the system.

The vulnerability in the embedded Jetty server of the CData Sync integration and replication tool is related to errors in processing the relative path to the directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected...

CVSS 9 | AI score 5.6 | EPSS 0.02909
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2024/04/18 12:0 a.m. | 4 views

The vulnerability of the NTPSyncWithHost function in TOTOLINK EX200 router microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the NTPSyncWithHost function in TOTOLINK EX200 router microprogramming software is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the hostTime parameter...

CVSS 5.3 | AI score 6 | EPSS 0.01368
Exploits: 1 | References: 2 | Affected Software: 1