5.5

CVSS3.1

CVE-2024-26785 - iommufd: Fix protection fault in iommufd_test_syz_conv_iova

In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix protection fault in iommufd_test_syz_conv_iova Syzkaller reported the following bug: general protection fault, probably for non-canonical address 0xdffffc0000000038: 0000 [#1] SMP KASAN KASAN: null-ptr-deref in …

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: May 4, 2025, 8:56 a.m.

5.4

CVSS3.1

CVE-2023-25199 -

A reflected cross-site scripting (XSS) vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to execute JavaScript code and obtain sensitive information in a victim's browser.

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.5

CVSS3.1

CVE-2024-26801 - Bluetooth: Avoid potential use-after-free in hci_error_reset

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Avoid potential use-after-free in hci_error_reset While handling the HCI_EV_HARDWARE_ERROR event, if the underlying BT controller is not responding, the GPIO reset mechanism would free the hci_dev and lead to a use-aft…

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: May 4, 2025, 8:56 a.m.

6

CVSS3.1

CVE-2024-3447 - Qemu: sdhci: heap buffer overflow in sdhci_write_dataport()

A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting …

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: Nov. 3, 2025, 8:16 p.m.

2.6

CVSS3.1

CVE-2024-30261 - Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in in…

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: Nov. 4, 2025, 5:15 p.m.

8.8

CVSS3.1

CVE-2024-30565 -

An issue was discovered in SeaCMS version 12.9, allows remote attackers to execute arbitrary code via admin notify.php.

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: March 28, 2025, 4:52 p.m.

5.5

CVSS3.1

CVE-2024-26794 - kernel: btrfs: fix race between ordered extent completion and fiemap

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: June 19, 2025, 1:15 p.m.

9.8

CVSS3.1

CVE-2024-29375 -

CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name (inside Input Triangles) and Yield Curve Name parameters.

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.5

CVSS3.1

CVE-2024-26803 - net: veth: clear GRO when clearing XDP even when down

In the Linux kernel, the following vulnerability has been resolved: net: veth: clear GRO when clearing XDP even when down veth sets NETIF_F_GRO automatically when XDP is enabled, because both features use the same NAPI machinery. The logic to clear NETIF_F_GRO sits in veth_disable_xdp() which is…

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: May 4, 2025, 8:56 a.m.

7.5

CVSS3.1

CVE-2023-36644 -

Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all order confirmations from the online shop via the printmail plugin.

πŸ“… Published: April 4, 2024, midnight πŸ”„ Last Modified: April 24, 2025, 2:27 p.m.
Total resulsts: 349182
Page 10438 of 34,919
Β« previous page Β» next page
Filters