VYPR

CVEs

100,104 total · page 664 of 2,003

  • CVE-2024-38545HigJun 19, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix UAF for cq async event The refcount of CQ is not protected by locks. When CQ asynchronous events and CQ destruction are concurrent, CQ may have been released, which will cause UAF. Use the…

  • CVE-2024-38542HigJun 19, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: RDMA/mana_ib: boundary check before installing cq callbacks Add a boundary check inside mana_ib_install_cq_cb to prevent index overflow.

  • CVE-2024-38538HigJun 19, 2024
    risk 0.46cvss 7.1epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have at least eth header len bytes syzbot triggered an uninit value[1] error in bridge device's xmit path by sending a short (less than ETH_HLEN bytes) skb. To fix it check if…

  • CVE-2024-38329HigJun 19, 2024
    risk 0.50cvss 7.7epss 0.00

    IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker…

  • CVE-2024-36979HigJun 19, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix vlan use-after-free syzbot reported a suspicious rcu usage[1] in bridge's mst code. While fixing it I noticed that nothing prevents a vlan to be freed while walking the list from the same…

  • CVE-2023-36684HigJun 19, 2024
    risk 0.46cvss 7.1epss 0.00

    Missing Authorization vulnerability in Brainstorm Force Convert Pro.This issue affects Convert Pro: from n/a through 1.7.5.

  • CVE-2023-39998HigJun 19, 2024
    risk 0.53cvss 8.2epss 0.00

    Missing Authorization vulnerability in Muffingroup Betheme.This issue affects Betheme: from n/a through 27.1.1.

  • CVE-2023-38386HigJun 19, 2024
    risk 0.49cvss 7.6epss 0.00

    Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through 3.6.25.

  • CVE-2023-37870HigJun 19, 2024
    risk 0.53cvss 8.1epss 0.00

    Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.1.9.

  • CVE-2023-35049HigJun 19, 2024
    risk 0.49cvss 7.5epss 0.01

    Missing Authorization vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.4.0.

  • CVE-2023-47770HigJun 19, 2024
    risk 0.49cvss 7.6epss 0.00

    Missing Authorization vulnerability in Muffin Group Betheme.This issue affects Betheme: from n/a through 27.1.1.

  • CVE-2023-46148HigJun 19, 2024
    risk 0.57cvss 8.8epss 0.00

    Missing Authorization vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5.

  • CVE-2023-46146HigJun 19, 2024
    risk 0.54cvss 8.3epss 0.00

    Missing Authorization vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5.

  • CVE-2023-45658HigJun 19, 2024
    risk 0.49cvss 7.6epss 0.00

    Missing Authorization vulnerability in POSIMYTH Nexter.This issue affects Nexter: from n/a through 2.0.3.

  • CVE-2023-40608HigJun 19, 2024
    risk 0.53cvss 8.2epss 0.00

    Missing Authorization vulnerability in Paid Memberships Pro Paid Memberships Pro CCBill Gateway.This issue affects Paid Memberships Pro CCBill Gateway: from n/a through 0.3.

  • CVE-2023-40004HigJun 19, 2024
    risk 0.48cvss 7.3epss 0.10

    Missing Authorization vulnerability in ServMask All-in-One WP Migration Box Extension, ServMask All-in-One WP Migration OneDrive Extension, ServMask All-in-One WP Migration Dropbox Extension, ServMask All-in-One WP Migration Google Drive Extension.This issue affects All-in-One…

  • CVE-2024-35780HigJun 19, 2024
    risk 0.48cvss 8.5epss 0.00

    Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through 1.5.42.

  • CVE-2023-48760HigJun 19, 2024
    risk 0.53cvss 8.2epss 0.00

    Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.

  • CVE-2023-48759HigJun 19, 2024
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.

  • CVE-2023-47783HigJun 19, 2024
    risk 0.54cvss 8.3epss 0.00

    Missing Authorization vulnerability in Thrive Themes Thrive Theme Builder.This issue affects Thrive Theme Builder: from n/a before 3.24.0.

  • CVE-2023-47771HigJun 19, 2024
    risk 0.54cvss 8.3epss 0.00

    Missing Authorization vulnerability in ThemePunch OHG Essential Grid.This issue affects Essential Grid: from n/a through 3.0.18.

  • CVE-2024-36978HigJun 19, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune() q->bands will be assigned to qopt->bands to execute subsequent code logic after kmalloc. So the old q->bands should not be used in kmalloc.…

  • CVE-2024-6132HigJun 19, 2024
    risk 0.57cvss 8.8epss 0.01

    The Pexels: Free Stock Photos plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'pexels_fsp_images_options_validate' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers,…

  • CVE-2024-5574HigJun 19, 2024
    risk 0.42cvss 7.5epss 0.01

    The WP Magazine Modules Lite plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.2 via the 'blockLayout' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and…

  • CVE-2024-5343HigJun 19, 2024
    risk 0.50cvss 8.8epss 0.00

    The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.19. This is due to missing or incorrect nonce validation on the 'rbs_ajax_create_article' and 'rbs_ajax_reset_views'…

  • CVE-2024-5724HigJun 19, 2024
    risk 0.57cvss 8.8epss 0.01

    The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of untrusted input 'PVGM_all_photos_details' parameter. This makes it possible for authenticated attackers, with…

  • CVE-2024-2381HigJun 19, 2024
    risk 0.50cvss 8.8epss 0.01

    The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with…

  • CVE-2024-6125HigJun 19, 2024
    risk 0.46cvss 8.1epss 0.00

    The Login with phone number plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.7.34. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit. This makes it…

  • CVE-2024-6146HigJun 19, 2024
    risk 0.57cvss 8.8epss 0.01

    Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required…

  • CVE-2024-6145HigJun 19, 2024
    risk 0.57cvss 8.8epss 0.01

    Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this vulnerability. The…

  • CVE-2024-6144HigJun 19, 2024
    risk 0.57cvss 8.8epss 0.01

    Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to…

  • CVE-2024-6143HigJun 19, 2024
    risk 0.57cvss 8.8epss 0.01

    Actiontec WCB6200Q uh_tcp_recv_header Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this…

  • CVE-2024-6142HigJun 19, 2024
    risk 0.57cvss 8.8epss 0.01

    Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Actiontec WCB6200Q routers. Authentication is not required to exploit this…

  • CVE-2024-38276HigJun 18, 2024
    risk 0.50cvss 8.8epss 0.00

    Incorrect CSRF token checks resulted in multiple CSRF risks.

  • CVE-2024-38275HigJun 18, 2024
    risk 0.42cvss 7.5epss 0.00

    The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

  • CVE-2024-37821HigJun 18, 2024
    risk 0.57cvss 8.8epss 0.01

    An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file.

  • CVE-2024-36974HigJun 18, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the…

  • CVE-2024-22002HigJun 18, 2024
    risk 0.51cvss 7.8epss 0.00

    CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged users to insert DLL files in the cuepkg-1.2.6 subdirectory of the installation directory.

  • CVE-2022-23829HigJun 18, 2024
    risk 0.53cvss 8.2epss 0.00

    A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections.

  • CVE-2024-38348HigJun 18, 2024
    risk 0.57cvss 8.8epss 0.00

    CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter.

  • CVE-2024-38347HigJun 18, 2024
    risk 0.57cvss 8.8epss 0.01

    CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Room Information module via the id parameter.

  • CVE-2024-37802HigJun 18, 2024
    risk 0.57cvss 8.8epss 0.01

    CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu parameter.

  • CVE-2024-5275HigJun 18, 2024
    risk 0.51cvss 7.8epss 0.00

    A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack…

  • CVE-2024-6116HigJun 18, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability, which was classified as critical, has been found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file edit_room.php. The manipulation of the argument photo leads to unrestricted upload. The…

  • CVE-2023-47726HigJun 18, 2024
    risk 0.46cvss 7.1epss 0.00

    IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM Cloud Pak for Security 1.10.12.0 through 1.10.21.0 could allow an authenticated user to execute certain arbitrary commands due to improper input validation. IBM X-Force ID: 272087.

  • CVE-2024-6115HigJun 18, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file add_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack can…

  • CVE-2024-6114HigJun 18, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability classified as critical has been found in itsourcecode Monbela Tourist Inn Online Reservation System up to 1.0. Affected is an unknown function of the file controller.php. The manipulation of the argument image leads to unrestricted upload. It is possible to…

  • CVE-2024-6112HigJun 18, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability classified as critical was found in itsourcecode Pool of Bethesda Online Reservation System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument log_email leads to sql injection. The attack can be initiated…

  • CVE-2024-6111HigJun 18, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability classified as critical has been found in itsourcecode Pool of Bethesda Online Reservation System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack…

  • CVE-2024-6110HigJun 18, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was found in itsourcecode Magbanua Beach Resort Online Reservation System up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file controller.php. The manipulation of the argument image leads to unrestricted…