-
CVE-2024-57879 – Qualcomm Bluetooth Linux Module – Resource Leaking Vulnerability
CVE ID : CVE-2024-57879 Published : Jan. 11, 2025, 3:15 p.m. | 1 day ago Description : In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Always release hdev at the end of iso_listen_bis Since hci_get_route holds the device before returning, the hdev should be released with hci_dev_put at the end of iso_listen_bis…
-
CVE-2024-57878 – Linux Kernel Arm64 Ptrace FPMR Initialization Leak
CVE ID : CVE-2024-57878 Published : Jan. 11, 2025, 3:15 p.m. | 1 day ago Description : In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR Currently fpmr_set() doesn’t initialize the temporary ‘fpmr’ variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently…
-
CVE-2024-12877 – GiveWP – Donation Plugin and Fundraising Platform PHP Object Injection and Remote Code Execution
CVE ID : CVE-2024-12877 Published : Jan. 11, 2025, 8:15 a.m. | 1 day, 7 hours ago Description : The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like ‘firstName’. This makes…
-
CVE-2024-42168 – HCL MyXalytics HTTP Request Hijacking Vulnerability
CVE ID : CVE-2024-42168 Published : Jan. 11, 2025, 3:15 a.m. | 1 day, 12 hours ago Description : HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content. Severity: 8.9 | HIGH
-
CVE-2024-9188 – Oracle WebLogic SQL Injection Vulnerability
CVE ID : CVE-2024-9188 Published : Jan. 10, 2025, 10:15 p.m. | 1 day, 17 hours ago Description : Specially constructed queries cause cross platform scripting leaking administrator tokens Severity: 8.8 | HIGH
-
CVE-2024-9134 – Apache Reporting SQL Injection Privilege Escalation Vulnerability
CVE ID : CVE-2024-9134 Published : Jan. 10, 2025, 10:15 p.m. | 1 day, 17 hours ago Description : Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges. Severity: 8.3 |…
-
CVE-2024-9132 – “FortiOS Path Traversal”
CVE ID : CVE-2024-9132 Published : Jan. 10, 2025, 10:15 p.m. | 1 day, 17 hours ago Description : The administrator is able to configure an insecure captive portal script Severity: 8.1 | HIGH
-
CVE-2024-47519 – “Acme Backup Man-in-the-Middle Vulnerability”
CVE ID : CVE-2024-47519 Published : Jan. 10, 2025, 10:15 p.m. | 1 day, 17 hours ago Description : Backup uploads to ETM subject to man-in-the-middle interception Severity: 8.3 | HIGH
-
CVE-2024-12847 – NETGEAR DGN1000 Remote Root Command Injection
CVE ID : CVE-2024-12847 Published : Jan. 10, 2025, 8:15 p.m. | 1 day, 19 hours ago Description : NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been exploited…
-
CVE-2025-22598 – WeGIA Cadastral Stored Cross-Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-22598 Published : Jan. 10, 2025, 4:15 p.m. | 1 day, 23 hours ago Description : WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the cadastrarSocio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected…