2024-12-07 | CVE-2024-8679 | | The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the ‘value' parameter of the owt_lib_handler AJAX action in all versions up to, and including, 3.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.8 |
2024-12-05 | CVE-2018-9386 | Google | Out-of-bounds Write vulnerability in Google Android In reboot_block_command of htc reboot_block driver, there is a possible stack buffer overflow due to a missing bounds check. | 6.7 |
2024-12-05 | CVE-2018-9390 | Google | Out-of-bounds Read vulnerability in Google Android In procfile_write of gl_proc.c, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. | 6.7 |
2024-12-05 | CVE-2018-9391 | Google | Out-of-bounds Write vulnerability in Google Android In update_gps_sv and output_vzw_debug of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/gpshal_wor ker.c, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2024-12-05 | CVE-2017-13308 | Google | Classic Buffer Overflow vulnerability in Google Android In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. | 6.7 |
2024-12-05 | CVE-2018-9397 | Google | Out-of-bounds Write vulnerability in Google Android In WMT_unlocked_ioctl of MTK WMT device driver, there is a possible OOB write due to a missing bounds check. | 6.7 |
2024-12-05 | CVE-2018-9398 | Google | Out-of-bounds Write vulnerability in Google Android In fm_set_stat of mediatek FM radio driver, there is a possible OOB write due to improper input validation. | 6.7 |
2024-12-05 | CVE-2018-9399 | Google | Out-of-bounds Write vulnerability in Google Android In /proc/driver/wmt_dbg driver, there are several possible out of bounds writes. | 6.7 |
2024-12-05 | CVE-2018-9400 | Google | Out-of-bounds Write vulnerability in Google Android In gt1x_debug_write_proc and gt1x_tool_write of drivers/input/touchscreen/mediatek/GT1151/gt1x_generic.c and gt1x_tools.c, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2024-12-05 | CVE-2018-9403 | Google | Out-of-bounds Write vulnerability in Google Android In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_- interface.c, there is a possible stack buffer overflow due to a missing bounds check. | 6.7 |
2024-12-05 | CVE-2018-9404 | Google | Integer Overflow or Wraparound vulnerability in Google Android In oemCallback of ril.cpp, there is a possible out of bounds write due to an integer overflow. | 6.7 |
2024-12-05 | CVE-2018-9416 | Google | Out-of-bounds Write vulnerability in Google Android In sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to an unusual root cause. | 6.7 |
2024-12-05 | CVE-2018-9439 | Google | Use After Free vulnerability in Google Android In __unregister_prot_hook and packet_release of af_packet.c, there is a possible use-after-free due to improper locking. | 6.7 |
2024-12-05 | CVE-2018-9462 | Google | Out-of-bounds Write vulnerability in Google Android In store_cmd of ftm4_pdc.c, there is a possible out of bounds write due to an incorrect bounds check. | 6.7 |
2024-12-05 | CVE-2018-9463 | Google | Out-of-bounds Write vulnerability in Google Android In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there is a possible out of bounds write due to an incorrect bounds check. | 6.7 |
2024-12-04 | CVE-2018-9396 | Google | Out-of-bounds Write vulnerability in Google Android In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. | 6.7 |
2024-12-04 | CVE-2018-9392 | Google | Out-of-bounds Write vulnerability in Google Android In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c, there is a possible out of bounds write due to a missing bounds check. | 6.7 |
2024-12-04 | CVE-2018-9393 | Google | Out-of-bounds Write vulnerability in Google Android In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c, there is a possible OOB write due to a missing bounds check. | 6.7 |
2024-12-04 | CVE-2018-9394 | Google | Out-of-bounds Write vulnerability in Google Android In mtk_p2p_wext_set_key of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c, there is a possible OOB write due to improper input validation. | 6.7 |
2024-12-04 | CVE-2018-9395 | Google | Out-of-bounds Write vulnerability in Google Android In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c, there is a possible OOB write due to a missing bounds check. | 6.7 |
2024-12-02 | CVE-2018-9376 | Google | Out-of-bounds Write vulnerability in Google Android In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. | 6.7 |
2024-12-02 | CVE-2024-33036 | Qualcomm | Use of Out-of-range Pointer Offset vulnerability in Qualcomm products Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access. | 6.7 |
2024-12-02 | CVE-2024-33039 | Qualcomm | Untrusted Pointer Dereference vulnerability in Qualcomm products Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service. | 6.7 |
2024-12-02 | CVE-2024-33053 | Qualcomm | Use After Free vulnerability in Qualcomm products Memory corruption when multiple threads try to unregister the CVP buffer at the same time. | 6.7 |
2024-12-06 | CVE-2024-47146 | Ruijienetworks | Resource Leak vulnerability in Ruijienetworks Reyee OS Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically adjacent and sniffing the RAW WIFI signal. | 6.5 |
2024-12-06 | CVE-2024-11729 | | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'service_list[0][service_id]' parameter of the get_widget_payment_options AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2024-12-06 | CVE-2024-11730 | | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'sort[]' parameter of the static_data_list AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2024-12-04 | CVE-2024-53135 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Hide KVM's pt_mode module param behind CONFIG_BROKEN, i.e. | 6.5 |
2024-12-03 | CVE-2024-41776 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 6.5 |
2024-12-03 | CVE-2024-11732 | | The BP Profile Shortcodes Extra plugin for WordPress is vulnerable to time-based SQL Injection via the ‘tab’ parameter in all versions up to, and including, 2.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2024-12-02 | CVE-2018-9423 | Google | Out-of-bounds Read vulnerability in Google Android In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c there is a possible out of bound read due to missing bounds check. | 6.5 |
2024-12-02 | CVE-2018-9429 | Google | Use of Uninitialized Resource vulnerability in Google Android 8.1 In buildImageItemsIfPossible of ItemTable.cpp there is a possible out of bound read due to uninitialized data. | 6.5 |
2024-12-07 | CVE-2024-47107 | | IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. | 6.4 |
2024-12-07 | CVE-2024-11380 | | The Mini Program API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'qvideo' shortcode in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-07 | CVE-2024-11451 | | The Zooom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zooom' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-07 | CVE-2024-11904 | | The ???? ??? plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'msntt_add_plus_talk' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-06 | CVE-2024-4633 | | The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘addExtraMimeType’ function in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. | 6.4 |
2024-12-06 | CVE-2024-10320 | | The Cookielay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookielay shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-06 | CVE-2024-10849 | | The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. | 6.4 |
2024-12-06 | CVE-2024-11339 | | The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spb-button' shortcode in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-06 | CVE-2024-11352 | | The TwentyTwenty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twentytwenty' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-06 | CVE-2024-11450 | | The ONLYOFFICE Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'onlyoffice' shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-06 | CVE-2024-11201 | | The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_send shortcode in all versions up to, and including, 2.7.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-05 | CVE-2024-10056 | | The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's livesite-pay shortcode in all versions up to, and including, 4.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-05 | CVE-2024-10848 | | The NewsMunch theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. | 6.4 |
2024-12-05 | CVE-2024-11420 | | The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. | 6.4 |
2024-12-05 | CVE-2024-11779 | | The WIP WooCarousel Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wip_woocarousel_products_carousel' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-05 | CVE-2024-10178 | | The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-05 | CVE-2024-10881 | | The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lunaradio' shortcode in versions up to, and including, 6.24.11.07 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-04 | CVE-2024-11935 | | The Email Address Obfuscation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. | 6.4 |
2024-12-04 | CVE-2024-11854 | | The Listdom – Business Directory and Classified Ads Listings WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. | 6.4 |
2024-12-04 | CVE-2024-8962 | | The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. | 6.4 |
2024-12-04 | CVE-2024-11880 | | The B Testimonial – testimonial plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'b_testimonial' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-04 | CVE-2024-5020 | | Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-04 | CVE-2024-11769 | | The Flower Delivery by Florist One plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flower-delivery' shortcode in all versions up to, and including, 3.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-04 | CVE-2024-11903 | | The WP eCards plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ecard' shortcode in all versions up to, and including, 1.3.904 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-04 | CVE-2024-10885 | | The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-04 | CVE-2024-11747 | | The Responsive Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'somryv' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-04 | CVE-2024-11897 | | The Contact Form, Survey & Form Builder – MightyForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mightyforms' shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-03 | CVE-2024-11782 | | The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mst_subscribe' shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-03 | CVE-2024-11866 | | The BMLT Tabbed Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bmlt_tabbed_map' shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-03 | CVE-2024-11453 | | The WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_pin_widget' shortcode in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-03 | CVE-2024-11853 | | The jAlbum Bridge plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ar’ parameter in all versions up to, and including, 2.0.15 due to insufficient input sanitization and output escaping. | 6.4 |
2024-12-03 | CVE-2024-11898 | | The Scratch & Win – Giveaways and Contests. | 6.4 |
2024-12-03 | CVE-2024-9058 | | The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output escaping. | 6.4 |
2024-12-03 | CVE-2024-10484 | | The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-03 | CVE-2024-9694 | | The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.4 |
2024-12-06 | CVE-2024-10681 | | The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. | 6.3 |
2024-12-06 | CVE-2024-10909 | | The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via form_preview_shortcode AJAX action in all versions up to, and including, 1.4.7. | 6.3 |
2024-12-07 | CVE-2024-11457 | | The Feedpress Generator – External RSS Frontend Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-07 | CVE-2024-11464 | | The Easy Code Snippets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-07 | CVE-2024-11367 | | The Smoove connector for Elementor forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.0. | 6.1 |
2024-12-07 | CVE-2024-11374 | | The TWChat – Send or receive messages from users plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.4. | 6.1 |
2024-12-07 | CVE-2024-12128 | | The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘monthly_sales_current_year’ parameter in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-07 | CVE-2024-10046 | | The ?????? ????? ??????? Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.0.5. | 6.1 |
2024-12-07 | CVE-2024-11329 | | The Comfino Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.1. | 6.1 |
2024-12-07 | CVE-2024-11436 | | The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.4.19 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-07 | CVE-2024-11943 | | The ????? ?? ???? – ???? ?? ???? plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.2.2. | 6.1 |
2024-12-07 | CVE-2024-12165 | | The Mollie for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 5.0.0 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-07 | CVE-2024-12166 | | The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-07 | CVE-2024-12167 | | The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_wpnonce' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-07 | CVE-2024-12257 | | The CardGate Payments for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-06 | CVE-2024-55268 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Covid 19 Testing Management System 1.0 A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter. | 6.1 |
2024-12-06 | CVE-2024-10879 | | The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. | 6.1 |
2024-12-06 | CVE-2024-11204 | | The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-06 | CVE-2024-11276 | | The PDF Builder for WooCommerce. | 6.1 |
2024-12-06 | CVE-2024-11336 | | The Clickbank WordPress Plugin (Storefront) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. | 6.1 |
2024-12-06 | CVE-2024-11368 | | The Splash Sync plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.6. | 6.1 |
2024-12-06 | CVE-2024-11687 | | The Next-Cart Store to WooCommerce Migration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-06 | CVE-2024-11823 | | The Folder Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'foldergallery' shortcode in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 6.1 |
2024-12-06 | CVE-2024-12003 | | The WP System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. | 6.1 |
2024-12-06 | CVE-2024-12060 | | The WP Media Optimizer (.webp) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpmowebp-css-resources’ and 'wpmowebp-js-resources' parameters in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-06 | CVE-2024-11379 | | The Broadcast plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'do_check' parameter in all versions up to, and including, 51.01 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-06 | CVE-2024-10836 | | The Flixita theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.0.82 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-05 | CVE-2024-11324 | | The Accounting for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.6. | 6.1 |
2024-12-04 | CVE-2024-11814 | | The Additional Custom Order Status for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the wfwp_wcos_delete_finished, wfwp_wcos_delete_fallback_finished, wfwp_wcos_delete_fallback_orders_updated, and wfwp_wcos_delete_fallback_status parameters in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-04 | CVE-2023-6978 | | The WP Job Manager – Company Profiles plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'company' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-04 | CVE-2024-11466 | | The Intro Tour Tutorial DeepPresentation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 6.5.2 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-04 | CVE-2024-10832 | | The Posti Shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.10.3. | 6.1 |
2024-12-04 | CVE-2024-11807 | | The NPS computy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'data1' and 'data2' parameters in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-04 | CVE-2024-11813 | | The Pulsating Chat Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. | 6.1 |
2024-12-03 | CVE-2024-11200 | | The Goodlayers Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘font-family’ parameter in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-03 | CVE-2024-11326 | | The Campaign Monitor Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. | 6.1 |
2024-12-03 | CVE-2024-11461 | | The Form Data Collector plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-03 | CVE-2024-11707 | | The My auctions allegro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.6.17 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-03 | CVE-2024-11805 | | The Quick License Manager – WooCommerce Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'submit_qlm_products' parameter in all versions up to, and including, 2.4.17 due to insufficient input sanitization and output escaping. | 6.1 |
2024-12-02 | CVE-2024-33037 | Qualcomm | Buffer Over-read vulnerability in Qualcomm products Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware. | 6.1 |
2024-12-03 | CVE-2021-29892 | IBM | Cleartext Transmission of Sensitive Information vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
2024-12-05 | CVE-2018-9407 | Google | Unspecified vulnerability in Google Android In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check. | 5.5 |
2024-12-04 | CVE-2024-53127 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" The commit 8396c793ffdf ("mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K") increased the max_req_size, even for 4K pages, causing various issues: - Panic booting the kernel/rootfs from an SD card on Rockchip RK3566 - Panic booting the kernel/rootfs from an SD card on StarFive JH7100 - "swiotlb buffer is full" and data corruption on StarFive JH7110 At this stage no fix have been found, so it's probably better to just revert the change. This reverts commit 8396c793ffdf28bb8aee7cfe0891080f8cab7890. | 5.5 |
2024-12-04 | CVE-2024-53128 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers When CONFIG_KASAN_SW_TAGS and CONFIG_KASAN_STACK are enabled, the object_is_on_stack() function may produce incorrect results due to the presence of tags in the obj pointer, while the stack pointer does not have tags. | 5.5 |
2024-12-04 | CVE-2024-53129 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop: Fix a dereferenced before check warning The 'state' can't be NULL, we should check crtc_state. Fix warning: drivers/gpu/drm/rockchip/rockchip_drm_vop.c:1096 vop_plane_atomic_async_check() warn: variable dereferenced before check 'state' (see line 1077) | 5.5 |
2024-12-04 | CVE-2024-53130 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint When using the "block:block_dirty_buffer" tracepoint, mark_buffer_dirty() may cause a NULL pointer dereference, or a general protection fault when KASAN is enabled. This happens because, since the tracepoint was added in mark_buffer_dirty(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. In the current implementation, nilfs_grab_buffer(), which grabs a buffer to read (or create) a block of metadata, including b-tree node blocks, does not set the block device, but instead does so only if the buffer is not in the "uptodate" state for each of its caller block reading functions. | 5.5 |
2024-12-04 | CVE-2024-53131 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint Patch series "nilfs2: fix null-ptr-deref bugs on block tracepoints". This series fixes null pointer dereference bugs that occur when using nilfs2 and two block-related tracepoints. This patch (of 2): It has been reported that when using "block:block_touch_buffer" tracepoint, touch_buffer() called from __nilfs_get_folio_block() causes a NULL pointer dereference, or a general protection fault when KASAN is enabled. This happens because since the tracepoint was added in touch_buffer(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. | 5.5 |
2024-12-04 | CVE-2024-53132 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix "Missing outer runtime PM protection" warning Fix the following drm_WARN: [953.586396] xe 0000:00:02.0: [drm] Missing outer runtime PM protection ... <4> [953.587090] ? xe_pm_runtime_get_noresume+0x8d/0xa0 [xe] <4> [953.587208] guc_exec_queue_add_msg+0x28/0x130 [xe] <4> [953.587319] guc_exec_queue_fini+0x3a/0x40 [xe] <4> [953.587425] xe_exec_queue_destroy+0xb3/0xf0 [xe] <4> [953.587515] xe_oa_release+0x9c/0xc0 [xe] (cherry picked from commit b107c63d2953907908fd0cafb0e543b3c3167b75) | 5.5 |
2024-12-04 | CVE-2024-53134 | Linux | Always-Incorrect Control Flow Implementation vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx93-blk-ctrl: correct remove path The check condition should be 'i < bc->onecell_data.num_domains', not 'bc->onecell_data.num_domains' which will make the look never finish and cause kernel panic. Also disable runtime to address "imx93-blk-ctrl 4ac10000.system-controller: Unbalanced pm_runtime_enable!" | 5.5 |
2024-12-04 | CVE-2024-53137 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ARM: fix cacheflush with PAN It seems that the cacheflush syscall got broken when PAN for LPAE was implemented. | 5.5 |
2024-12-04 | CVE-2024-53138 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of get_page() and page_ref_inc() APIs to increment the page reference. | 5.5 |
2024-12-04 | CVE-2024-53140 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close Netlink supports iterative dumping of data. | 5.5 |
2024-12-04 | CVE-2024-11093 | | The SG Helper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.0 due to insufficient input sanitization and output escaping. | 5.5 |
2024-12-03 | CVE-2024-12082 | Openatom | Insecure Storage of Sensitive Information vulnerability in Openatom Openharmony in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. | 5.5 |
2024-12-03 | CVE-2024-9978 | Openatom | Out-of-bounds Read vulnerability in Openatom Openharmony in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read. | 5.5 |
2024-12-03 | CVE-2018-9441 | Google | Out-of-bounds Read vulnerability in Google Android In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds read due to an incorrect bounds check. | 5.5 |
2024-12-03 | CVE-2018-9449 | Google | Out-of-bounds Read vulnerability in Google Android In process_service_search_attr_rsp of sdp_discovery.cc, there is a possible out of bound read due to a missing bounds check. | 5.5 |
2024-12-02 | CVE-2018-9435 | Google | Out-of-bounds Read vulnerability in Google Android In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bound read due to a missing bounds check. | 5.5 |
2024-12-02 | CVE-2024-53107 | Linux | Integer Overflow or Wraparound vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args() The "arg->vec_len" variable is a u64 that comes from the user at the start of the function. | 5.5 |
2024-12-02 | CVE-2024-53109 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: nommu: pass NULL argument to vma_iter_prealloc() When deleting a vma entry from a maple tree, it has to pass NULL to vma_iter_prealloc() in order to calculate internal state of the tree, but it passed a wrong argument. | 5.5 |
2024-12-02 | CVE-2024-53110 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix id_table array not null terminated error Allocate one extra virtio_device_id as null terminator, otherwise vdpa_mgmtdev_get_classes() may iterate multiple times and visit undefined memory. | 5.5 |
2024-12-02 | CVE-2024-53111 | Linux | Integer Overflow or Wraparound vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix address wraparound in move_page_tables() On 32-bit platforms, it is possible for the expression `len + old_addr < old_end` to be false-positive if `len + old_addr` wraps around. | 5.5 |
2024-12-02 | CVE-2024-53112 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ocfs2: uncache inode which has failed entering the group Syzbot has reported the following BUG: kernel BUG at fs/ocfs2/uptodate.c:509! ... Call Trace: <TASK> ? __die_body+0x5f/0xb0 ? die+0x9e/0xc0 ? do_trap+0x15a/0x3a0 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? do_error_trap+0x1dc/0x2c0 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? __pfx_do_error_trap+0x10/0x10 ? handle_invalid_op+0x34/0x40 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? exc_invalid_op+0x38/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? ocfs2_set_new_buffer_uptodate+0x2e/0x160 ? ocfs2_set_new_buffer_uptodate+0x144/0x160 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ocfs2_group_add+0x39f/0x15a0 ? __pfx_ocfs2_group_add+0x10/0x10 ? __pfx_lock_acquire+0x10/0x10 ? mnt_get_write_access+0x68/0x2b0 ? __pfx_lock_release+0x10/0x10 ? rcu_read_lock_any_held+0xb7/0x160 ? __pfx_rcu_read_lock_any_held+0x10/0x10 ? smack_log+0x123/0x540 ? mnt_get_write_access+0x68/0x2b0 ? mnt_get_write_access+0x68/0x2b0 ? mnt_get_write_access+0x226/0x2b0 ocfs2_ioctl+0x65e/0x7d0 ? __pfx_ocfs2_ioctl+0x10/0x10 ? smack_file_ioctl+0x29e/0x3a0 ? __pfx_smack_file_ioctl+0x10/0x10 ? lockdep_hardirqs_on_prepare+0x43d/0x780 ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 ? __pfx_ocfs2_ioctl+0x10/0x10 __se_sys_ioctl+0xfb/0x170 do_syscall_64+0xf3/0x230 entry_SYSCALL_64_after_hwframe+0x77/0x7f ... </TASK> When 'ioctl(OCFS2_IOC_GROUP_ADD, ...)' has failed for the particular inode in 'ocfs2_verify_group_and_input()', corresponding buffer head remains cached and subsequent call to the same 'ioctl()' for the same inode issues the BUG() in 'ocfs2_set_new_buffer_uptodate()' (trying to cache the same buffer head of that inode). | 5.5 |
2024-12-02 | CVE-2024-53113 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof We triggered a NULL pointer dereference for ac.preferred_zoneref->zone in alloc_pages_bulk_noprof() when the task is migrated between cpusets. When cpuset is enabled, in prepare_alloc_pages(), ac->nodemask may be ¤t->mems_allowed. | 5.5 |
2024-12-02 | CVE-2024-53114 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client A number of Zen4 client SoCs advertise the ability to use virtualized VMLOAD/VMSAVE, but using these instructions is reported to be a cause of a random host reboot. These instructions aren't intended to be advertised on Zen4 client so clear the capability. | 5.5 |
2024-12-02 | CVE-2024-53115 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle The 'vmw_user_object_buffer' function may return NULL with incorrect inputs. | 5.5 |
2024-12-02 | CVE-2024-53116 | Linux | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix handling of partial GPU mapping of BOs This commit fixes the bug in the handling of partial mapping of the buffer objects to the GPU, which caused kernel warnings. Panthor didn't correctly handle the case where the partial mapping spanned multiple scatterlists and the mapping offset didn't point to the 1st page of starting scatterlist. | 5.5 |
2024-12-02 | CVE-2024-53117 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Improve MSG_ZEROCOPY error handling Add a missing kfree_skb() to prevent memory leaks. | 5.5 |
2024-12-02 | CVE-2024-53118 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: vsock: Fix sk_error_queue memory leak Kernel queues MSG_ZEROCOPY completion notifications on the error queue. Where they remain, until explicitly recv()ed. | 5.5 |
2024-12-02 | CVE-2024-53119 | Linux | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix accept_queue memory leak As the final stages of socket destruction may be delayed, it is possible that virtio_transport_recv_listen() will be called after the accept_queue has been flushed, but before the SOCK_DONE flag has been set. | 5.5 |
2024-12-02 | CVE-2024-53120 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow In error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add() callback returns error, zone_rule->attr is used uninitiated. | 5.5 |
2024-12-02 | CVE-2024-53121 | Linux | Race Condition vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, lock FTE when checking if active The referenced commits introduced a two-step process for deleting FTEs: - Lock the FTE, delete it from hardware, set the hardware deletion function to NULL and unlock the FTE. - Lock the parent flow group, delete the software copy of the FTE, and remove it from the xarray. However, this approach encounters a race condition if a rule with the same match value is added simultaneously. | 5.5 |
2024-12-02 | CVE-2024-53122 | Linux | Race Condition vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Additional active subflows - i.e. | 5.5 |
2024-12-02 | CVE-2024-53123 | Linux | Race Condition vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: mptcp: error out earlier on disconnect Eric reported a division by zero splat in the MPTCP protocol: Oops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted 6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163 Code: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8 0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 <f7> 7c 24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89 RSP: 0018:ffffc900041f7930 EFLAGS: 00010293 RAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b RDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004 RBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67 R10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80 R13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000 FS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493 mptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline] mptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289 inet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885 sock_recvmsg_nosec net/socket.c:1051 [inline] sock_recvmsg+0x1b2/0x250 net/socket.c:1073 __sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265 __do_sys_recvfrom net/socket.c:2283 [inline] __se_sys_recvfrom net/socket.c:2279 [inline] __x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7feb5d857559 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d RAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559 RDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000 R10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c R13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef and provided a nice reproducer. The root cause is the current bad handling of racing disconnect. After the blamed commit below, sk_wait_data() can return (with error) with the underlying socket disconnected and a zero rcv_mss. Catch the error and return without performing any additional operations on the current socket. | 5.5 |
2024-12-07 | CVE-2024-12253 | | The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'save_settings', 'export_csv', and 'simpleecommcart-action' actions in all versions up to, and including, 3.1.2. | 5.4 |
2024-12-06 | CVE-2024-11321 | | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hi e-learning Learning Management System (LMS) allows Reflected XSS.This issue affects Learning Management System (LMS): before 06.12.2024. | 5.4 |
2024-12-06 | CVE-2024-9866 | | The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping and missing authorization on the functionality to manage tickets. | 5.4 |
2024-12-06 | CVE-2024-9872 | | The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_user_data_callback() function in all versions up to, and including, 4.5.1. | 5.4 |
2024-12-04 | CVE-2024-12182 | Dedecms | Cross-site Scripting vulnerability in Dedecms A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.116. | 5.4 |
2024-12-04 | CVE-2024-12183 | Dedecms | Cross-site Scripting vulnerability in Dedecms A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. | 5.4 |
2024-12-04 | CVE-2024-12180 | Dedecms | Cross-site Scripting vulnerability in Dedecms A vulnerability classified as problematic has been found in DedeCMS 5.7.116. | 5.4 |
2024-12-04 | CVE-2024-12181 | Dedecms | Cross-site Scripting vulnerability in Dedecms A vulnerability classified as problematic was found in DedeCMS 5.7.116. | 5.4 |
2024-12-07 | CVE-2024-41762 | | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | 5.3 |
2024-12-07 | CVE-2024-37071 | | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. | 5.3 |
2024-12-06 | CVE-2024-47791 | Ruijienetworks | Unspecified vulnerability in Ruijienetworks Reyee OS Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices. | 5.3 |
2024-12-06 | CVE-2024-47043 | Ruijienetworks | Unspecified vulnerability in Ruijienetworks Reyee OS Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address. | 5.3 |
2024-12-06 | CVE-2024-11738 | | A flaw was found in Rustls 0.23.13 and related APIs. | 5.3 |
2024-12-03 | CVE-2024-25035 | IBM | Exposure of System Data to an Unauthorized Control Sphere vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks. | 5.3 |
2024-12-02 | CVE-2024-8785 | Progress | Unspecified vulnerability in Progress Whatsup Gold In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\. | 5.3 |
2024-12-04 | CVE-2024-20397 | | A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure bootloader settings. | 5.2 |
2024-12-03 | CVE-2024-11325 | | The AWeber Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. | 5.2 |
2024-12-03 | CVE-2024-9197 | | A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled. | 4.9 |
2024-12-06 | CVE-2024-48703 | Anujk305 | Cross-site Scripting vulnerability in Anujk305 Medical Card Generation System 1.0 PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter. | 4.8 |
2024-12-04 | CVE-2024-53136 | Linux | Race Condition vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: mm: revert "mm: shmem: fix data-race in shmem_getattr()" Revert d949d1d14fa2 ("mm: shmem: fix data-race in shmem_getattr()") as suggested by Chuck [1]. | 4.7 |
2024-12-02 | CVE-2024-53124 | Linux | Race Condition vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: fix data-races around sk->sk_forward_alloc Syzkaller reported this warning: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x1c5/0x1e0 Modules linked in: CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-rc5 #26 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:inet_sock_destruct+0x1c5/0x1e0 Code: 24 12 4c 89 e2 5b 48 c7 c7 98 ec bb 82 41 5c e9 d1 18 17 ff 4c 89 e6 5b 48 c7 c7 d0 ec bb 82 41 5c e9 bf 18 17 ff 0f 0b eb 83 <0f> 0b eb 97 0f 0b eb 87 0f 0b e9 68 ff ff ff 66 66 2e 0f 1f 84 00 RSP: 0018:ffffc9000008bd90 EFLAGS: 00010206 RAX: 0000000000000300 RBX: ffff88810b172a90 RCX: 0000000000000007 RDX: 0000000000000002 RSI: 0000000000000300 RDI: ffff88810b172a00 RBP: ffff88810b172a00 R08: ffff888104273c00 R09: 0000000000100007 R10: 0000000000020000 R11: 0000000000000006 R12: ffff88810b172a00 R13: 0000000000000004 R14: 0000000000000000 R15: ffff888237c31f78 FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffc63fecac8 CR3: 000000000342e000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? __warn+0x88/0x130 ? inet_sock_destruct+0x1c5/0x1e0 ? report_bug+0x18e/0x1a0 ? handle_bug+0x53/0x90 ? exc_invalid_op+0x18/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? inet_sock_destruct+0x1c5/0x1e0 __sk_destruct+0x2a/0x200 rcu_do_batch+0x1aa/0x530 ? rcu_do_batch+0x13b/0x530 rcu_core+0x159/0x2f0 handle_softirqs+0xd3/0x2b0 ? __pfx_smpboot_thread_fn+0x10/0x10 run_ksoftirqd+0x25/0x30 smpboot_thread_fn+0xdd/0x1d0 kthread+0xd3/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> ---[ end trace 0000000000000000 ]--- Its possible that two threads call tcp_v6_do_rcv()/sk_forward_alloc_add() concurrently when sk->sk_state == TCP_LISTEN with sk->sk_lock unlocked, which triggers a data-race around sk->sk_forward_alloc: tcp_v6_rcv tcp_v6_do_rcv skb_clone_and_charge_r sk_rmem_schedule __sk_mem_schedule sk_forward_alloc_add() skb_set_owner_r sk_mem_charge sk_forward_alloc_add() __kfree_skb skb_release_all skb_release_head_state sock_rfree sk_mem_uncharge sk_forward_alloc_add() sk_mem_reclaim // set local var reclaimable __sk_mem_reclaim sk_forward_alloc_add() In this syzkaller testcase, two threads call tcp_v6_do_rcv() with skb->truesize=768, the sk_forward_alloc changes like this: (cpu 1) | (cpu 2) | sk_forward_alloc ... | 4.7 |
2024-12-06 | CVE-2024-9769 | | The Video Gallery – Best WordPress YouTube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. | 4.4 |
2024-12-05 | CVE-2018-9408 | Google | Out-of-bounds Read vulnerability in Google Android In m3326_gps_write and m3326_gps_read of gps.s, there is a possible Out Of Bounds Read due to a missing bounds check. | 4.4 |
2024-12-07 | CVE-2024-11353 | | The SMS for Lead Capture Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_message() function in all versions up to, and including, 1.1.0. | 4.3 |
2024-12-07 | CVE-2024-12026 | | The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. | 4.3 |
2024-12-07 | CVE-2024-12115 | | The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. | 4.3 |
2024-12-06 | CVE-2024-10689 | | The XLTab – Accordions and Tabs for Elementor Page Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4 via the 'XLTAB_INSERT_TPL' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
2024-12-06 | CVE-2024-10692 | | The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal widget due to insufficient restrictions on which posts can be included. | 4.3 |
2024-12-06 | CVE-2024-11444 | | The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.13.2. | 4.3 |
2024-12-06 | CVE-2024-12027 | | The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateFilter() and deleteFilter() functions in all versions up to, and including, 1.6.3. | 4.3 |
2024-12-06 | CVE-2024-12110 | | The Gold Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate() and deactivate() functions in all versions up to, and including, 1.3.2. | 4.3 |
2024-12-06 | CVE-2024-9705 | | The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ucsm_update_template_name_lite' function in all versions up to, and including, 1.0.9. | 4.3 |
2024-12-05 | CVE-2024-10777 | | The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the 'INSERT_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
2024-12-05 | CVE-2024-11341 | | The Simple Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. | 4.3 |
2024-12-04 | CVE-2024-10787 | | The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
2024-12-04 | CVE-2024-10664 | | The Knowledge Base documentation & wiki plugin – BasePress Docs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the basepress_db_posts_update() function in all versions up to, and including, 2.16.3.3. | 4.3 |
2024-12-04 | CVE-2024-12099 | | The Dollie Hub – Build Your Own WordPress Cloud Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.2.0 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
2024-12-04 | CVE-2024-10663 | | The Eleblog – Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the goodbye_form_callback() function in all versions up to, and including, 1.8. | 4.3 |
2024-12-03 | CVE-2024-45676 | IBM | Insufficient Type Distinction vulnerability in IBM Cognos Controller 11.0.0/11.0.1 IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction. | 4.3 |
2024-12-03 | CVE-2024-12062 | | The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. | 4.3 |
2024-12-03 | CVE-2024-11844 | | The IdeaPush plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the idea_push_taxonomy_save_routine function in all versions up to, and including, 8.71. | 4.3 |