CVE-2024-4689
published 2024-05-14
CVE-2024-4689: Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images. This issue affects ShortPixel Adaptive…
Priority P4 · 15 · medium · 4.3 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:U / C:N / I:L / A:N
EPSS: 0.25% (16.2th percentile)
Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images shortpixel-adaptive-images. This issue affects ShortPixel Adaptive Images: from n/a through <= 3.8.3.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| shortpixel | shortpixel_adaptive_images | <= 3.8.3 | — |
CVSS provenance
nvd · v3.1 · 4.3 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
vendor_redhat · 7.8 · HIGH
GHSA
GHSA-v484-r27j-mv8x: Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images
ghsa_unreviewed·2024-05-14
CVE-2024-4689 [MEDIUM] CWE-352 GHSA-v484-r27j-mv8x: Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images
Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images. This issue affects ShortPixel Adaptive Images: from n/a through 3.8.3.
Red Hat
kernel: wifi: ath12k: fix warning when unbinding
vendor_redhat·2024-12-27·CVSS 7.8
CVE-2024-53191 [HIGH] CWE-415 kernel: wifi: ath12k: fix warning when unbinding
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix warning when unbinding
If there is an error during some initialization related to firmware,
the buffers dp->tx_ring[i].tx_status are released.
However this is released again when the device is unbinded (ath12k_pci),
and we get:
WARNING: CPU: 0 PID: 2098 at mm/slub.c:4689 free_large_kmalloc+0x4d/0x80
Call Trace:
free_large_kmalloc
ath12k_dp_free
ath12k_core_deinit
ath12k_pci_remove
...
The issue is always reproducible from a VM because the MSI addressing
initialization is failing.
In order to fix the issue, just set the buffers to NULL after releasing in
order to avoid the double free.
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: k
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://patchstack.com/database/Wordpress/Plugin/shortpixel-adaptive-images/vulnerability/wordpress-shortpixel-adaptive-images-plugin-3-8-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/shortpixel-adaptive-images/wordpress-shortpixel-adaptive-images-plugin-3-8-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
2024-05-14
Published