Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-21 | CVE-2024-47711 | Use After Free vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: af_unix: Don't return OOB skb in manage_oob(). syzbot reported use-after-free in unix_stream_recv_urg(). | 7.8 |
2024-10-21 | CVE-2024-47718 | Use After Free vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: always wait for both firmware loading attempts. In 'rtw_wait_firmware_completion()', always wait for both (regular and wowlan) firmware loading attempts. | 7.8 |
2024-10-21 | CVE-2024-47719 | Out-of-bounds Write vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: iommufd: Protect against overflow of ALIGN() during iova allocation. Userspace can supply an iova and uptr such that the target iova alignment becomes really big and ALIGN() overflows, which corrupts the selected area range during allocation. | 7.8 |
2024-10-21 | CVE-2024-47721 | Out-of-bounds Read vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: remove unused C2H event ID RTW89_MAC_C2H_FUNC_READ_WOW_CAM to prevent out-of-bounds reading. The handler of firmware C2H event RTW89_MAC_C2H_FUNC_READ_WOW_CAM isn't implemented, but the driver expects the number of handlers to be NUM_OF_RTW89_MAC_C2H_FUNC_WOW, causing out-of-bounds access. | 7.1 |
2024-10-21 | CVE-2024-43945 | Cross-Site Request Forgery (CSRF) vulnerability in Latepoint. Cross-Site Request Forgery (CSRF) vulnerability in Latepoint LatePoint allows Cross Site Request Forgery. This issue affects LatePoint: from n/a through 4.9.91. | 8.8 |
2024-10-21 | CVE-2024-47328 | SQL Injection vulnerability in Funnelkit Automations. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Automation By Autonami allows SQL Injection. This issue affects Automation By Autonami: from n/a through 3.1.2. | 7.2 |
2024-10-21 | CVE-2024-8625 | SQL Injection vulnerability in Total-Soft TS Poll. The TS Poll WordPress plugin before 2.4.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. | 7.2 |
2024-10-21 | CVE-2024-10200 | Path Traversal vulnerability in Wellchoose Administrative Management System. Administrative Management System from Wellchoose has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to download arbitrary files on the server. | 7.5 |
2024-10-21 | CVE-2024-10201 | Unrestricted Upload of File with Dangerous Type vulnerability in Wellchoose Administrative Management System. Administrative Management System from Wellchoose does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells. | 8.8 |
2024-10-21 | CVE-2024-10202 | OS Command Injection vulnerability in Wellchoose Administrative Management System. Administrative Management System from Wellchoose has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands. | 8.8 |