Latest CVE Feed
-
7.2
HIGHCVE-2024-43370
gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting (XSS) injection if `.po` dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the... Read more
Affected Products :- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
5.4
MEDIUMCVE-2024-42486
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI c... Read more
Affected Products : cilium- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
7.1
HIGHCVE-2024-43348
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Iznyn Purity Of Soul allows Reflected XSS.This issue affects Purity Of Soul: from n/a through 1.9.... Read more
Affected Products :- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
6.5
MEDIUMCVE-2024-43320
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Pa... Read more
Affected Products : wpbakery_page_builder_addons- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
0.0
NACVE-2024-42267
In the Linux kernel, the following vulnerability has been resolved: riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error() Handle VM_FAULT_SIGSEGV in the page fault path so that we correctly kill the process and we don't BUG() the kernel.... Read more
Affected Products : linux_kernel- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
6.5
MEDIUMCVE-2024-43262
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in webriti Busiprof allows Stored XSS.This issue affects Busiprof: from n/a through 2.4.8.... Read more
Affected Products :- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
0.0
NACVE-2024-42266
In the Linux kernel, the following vulnerability has been resolved: btrfs: make cow_file_range_inline() honor locked_page on error The btrfs buffered write path runs through __extent_writepage() which has some tricky return value handling for writepage_... Read more
Affected Products : linux_kernel- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
6.5
MEDIUMCVE-2024-43263
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Visual Composer Visual Composer Starter allows Stored XSS.This issue affects Visual Composer Starter: from n/a through 3.3.... Read more
Affected Products :- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
0.0
NACVE-2024-42260
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Validate passed in drm syncobj handles in the performance extension If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will ... Read more
Affected Products : linux_kernel- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
0.0
NACVE-2024-42321
In the Linux kernel, the following vulnerability has been resolved: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE The following splat is easy to reproduce upstream as well as in -stable kernels. Florian Westphal provided the following commit: d1dab... Read more
Affected Products : linux_kernel- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
7.5
HIGHCVE-2024-43315
Authorization Bypass Through User-Controlled Key vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout.This issue affects Stripe Payments For WooCommerce by Checkout: from n/a through 1.9.1.... Read more
Affected Products : stripe_payments_for_woocommerce- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
0.0
NACVE-2024-43830
In the Linux kernel, the following vulnerability has been resolved: leds: trigger: Unregister sysfs attributes before calling deactivate() Triggers which have trigger specific sysfs attributes typically store related data in trigger-data allocated by th... Read more
Affected Products : linux_kernel- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
7.1
HIGHCVE-2024-43244
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in favethemes Houzez allows Reflected XSS.This issue affects Houzez: from n/a through 3.2.4.... Read more
Affected Products :- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
6.5
MEDIUMCVE-2024-43349
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AREOI All Bootstrap Blocks allows Stored XSS.This issue affects All Bootstrap Blocks: from n/a through 1.3.19.... Read more
Affected Products : all_bootstrap_blocks- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
0.0
NACVE-2024-43816
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages On big endian architectures, it is possible to run into a memory out of bounds pointer dereference when FCP... Read more
Affected Products : linux_kernel- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
0.0
NACVE-2024-42317
In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: avoid PMD-size page cache if needed xarray can't support arbitrary page cache size. the largest and supported page cache size is defined as MAX_PAGECACHE_ORDER by commi... Read more
Affected Products : linux_kernel- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
0.0
NACVE-2024-43832
In the Linux kernel, the following vulnerability has been resolved: s390/uv: Don't call folio_wait_writeback() without a folio reference folio_wait_writeback() requires that no spinlocks are held and that a folio reference is held, as documented. After ... Read more
Affected Products : linux_kernel- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
7.1
HIGHCVE-2024-43241
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in azzaroco Ultimate Membership Pro allows Reflected XSS.This issue affects Ultimate Membership Pro: from n/a through 12.6.... Read more
Affected Products : ultimate_membership_pro- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
6.5
MEDIUMCVE-2024-43284
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel WP Travel Gutenberg Blocks allows Stored XSS.This issue affects WP Travel Gutenberg Blocks: from n/a through 3.5.1.... Read more
Affected Products :- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
7.1
HIGHCVE-2024-43306
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP-Lister Lite for eBay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through 3.6.0.... Read more
Affected Products :- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024