5.1
CVE-2024-41781 - IBM PowerVM Hypervisor information disclosure
IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10) functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the H…
6.5
CVE-2024-51766 - HPE NonStop DISK UTIL, Local Denial of Service vulnerability
A potential security vulnerability has been identified in the HPE NonStop DISK UTIL (T9208) product. This vulnerability could be exploited to cause a denial of service (DoS) to NonStop server. It exists in all prior DISK UTIL product versions of L-series and J-series.
6.7
CVE-2021-30299 - Improper Input Validation in Audio
Possible out of bound access in audio module due to lack of validation of user provided input.
6.7
CVE-2017-9711 - Permissions, Privileges, and Access Controls in Data
Certain unprivileged processes are able to perform IOCTL calls.
6.5
CVE-2024-7882 - SQLi in Special Minds' e-Commerce
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Special Minds Design and Software e-Commerce allows SQL Injection. This issue affects e-Commerce: before 22.11.2024.
8.2
CVE-2024-7837 - SQLi in Firmanet Software's ERP
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Firmanet Software ERP allows SQL Injection. This issue affects ERP: through 22.11.2024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
5.8
CVE-2024-8929 - Leak partial content of the heap through heap buffer over-read in mysqlnd
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possibly other data belonging to different users of the same server.
9.8
CVE-2024-8932 - OOB access in ldap_escape
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
6.6
CVE-2024-9422 - GEO My WordPress < 4.5 - Admin+ Arbitrary File Upload
The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.
4.3
CVE-2024-10666 - Easy Twitter Feed – Twitter feeds plugin for WP <= 1.2.6 - Authenticated (Contributor+) Post Exposu…
The Easy Twitter Feed – Twitter feeds plugin for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.6 via the [etf] shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from passw…