1
|
- |
-
|
-
|
-
|
Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
New
|
-
|
CVE-2024-54750
|
2024-12-7 01:15 |
2024-12-7 |
|
2
|
- |
-
|
-
|
-
|
WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
New
|
-
|
CVE-2024-54747
|
2024-12-7 01:15 |
2024-12-7 |
|
3
|
- |
-
|
-
|
-
|
WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
New
|
-
|
CVE-2024-54745
|
2024-12-7 01:15 |
2024-12-7 |
|
4
|
- |
-
|
-
|
-
|
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC …
New
|
CWE-200
Information Exposure
|
CVE-2024-54137
|
2024-12-7 01:15 |
2024-12-7 |
|
5
|
- |
-
|
-
|
-
|
ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/up…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-54136
|
2024-12-7 01:15 |
2024-12-7 |
|
6
|
- |
-
|
-
|
-
|
ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upl…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-54135
|
2024-12-7 01:15 |
2024-12-7 |
|
7
|
- |
-
|
-
|
-
|
A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter.
New
|
-
|
CVE-2024-50677
|
2024-12-7 01:15 |
2024-12-7 |
|
8
|
- |
-
|
-
|
-
|
The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP a…
New
|
-
|
CVE-2024-30129
|
2024-12-7 01:15 |
2024-12-7 |
|
9
|
- |
-
|
-
|
-
|
Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reache…
New
|
-
|
CVE-2024-12254
|
2024-12-7 01:15 |
2024-12-7 |
|
10
|
- |
-
|
-
|
-
|
The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting a…
New
|
-
|
CVE-2024-10551
|
2024-12-7 01:15 |
2024-12-6 |
|
11
|
- |
-
|
-
|
-
|
The 3DPrint Lite WordPress plugin before 2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
New
|
-
|
CVE-2024-10480
|
2024-12-7 01:15 |
2024-12-6 |
|
12
|
- |
-
|
-
|
-
|
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (i.e. PostgreSQL) server's credential when connectio…
New
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-54141
|
2024-12-7 00:15 |
2024-12-7 |
|
13
|
- |
-
|
-
|
-
|
HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.
New
|
-
|
CVE-2024-42196
|
2024-12-7 00:15 |
2024-12-7 |
|
14
|
5.3 |
MEDIUM
Network
-
|
-
|
A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message.
New
|
CWE-248
Uncaught Exception
|
CVE-2024-11738
|
2024-12-7 00:15 |
2024-12-7 |
|
|
15
|
- |
-
|
-
|
-
|
CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions.
New
|
-
|
CVE-2024-54679
|
2024-12-7 00:15 |
2024-12-5 |
|
16
|
- |
-
|
-
|
-
|
Path Traversal vulnerability in NotFound ARForms allows Path Traversal. This issue affects ARForms: from n/a through 6.4.1.
New
|
CWE-35
Path Traversal: '.../...//'
|
CVE-2024-54216
|
2024-12-6 23:15 |
2024-12-6 |
|
17
|
- |
-
|
-
|
-
|
Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Revy allows Upload a Web Shell to a Web Server. This issue affects Revy: from n/a through 1.18.
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-54214
|
2024-12-6 23:15 |
2024-12-6 |
|
18
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zionbuilder.io WordPress Page Builder – Zion Builder allows Stored XSS. This issue affects WordPre…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-54213
|
2024-12-6 23:15 |
2024-12-6 |
|
19
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS. This issue affects Magical Addons For El…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-54212
|
2024-12-6 23:15 |
2024-12-6 |
|
20
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visualmodo Borderless allows Cross-Site Scripting (XSS). This issue affects Borderless: from n/a t…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-54211
|
2024-12-6 23:15 |
2024-12-6 |
|
21
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexShaper Advanced Element Bucket Addons for Elementor allows Stored XSS. This issue affects Adv…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-54210
|
2024-12-6 23:15 |
2024-12-6 |
|
22
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Awesome Shortcodes allows Reflected XSS. This issue affects Awesome Shortcodes: from n/a…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-54209
|
2024-12-6 23:15 |
2024-12-6 |
|
23
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joni Halabi Block Controller allows Reflected XSS. This issue affects Block Controller: from n/a t…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-54208
|
2024-12-6 23:15 |
2024-12-6 |
|
24
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows Stored XSS. This issue affects WordPr…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-54207
|
2024-12-6 23:15 |
2024-12-6 |
|
25
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in URBAN BASE Z-Downloads allows Stored XSS. This issue affects Z-Downloads: from n/a through 1.11.7.
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-54206
|
2024-12-6 23:15 |
2024-12-6 |
|
26
|
- |
-
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in Paloma Paloma Widget allows Cross Site Request Forgery. This issue affects Paloma Widget: from n/a through 1.14.
New
|
CWE-352
Origin Validation Error
|
CVE-2024-54205
|
2024-12-6 23:15 |
2024-12-6 |
|
27
|
- |
-
|
-
|
-
|
Missing Authorization vulnerability in WPSight WPCasa allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPCasa: from n/a through 1.2.13.
New
|
-
|
CVE-2024-53826
|
2024-12-6 23:15 |
2024-12-6 |
|
28
|
- |
-
|
-
|
-
|
Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Filebird: from n/a through 6.3.2.
New
|
CWE-862
Missing Authorization
|
CVE-2024-53825
|
2024-12-6 23:15 |
2024-12-6 |
|
29
|
- |
-
|
-
|
-
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AREOI All Bootstrap Blocks allows PHP Local File Inclusion. This issue affects …
New
|
-
|
CVE-2024-53824
|
2024-12-6 23:15 |
2024-12-6 |
|
30
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS. This issue affects …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-53823
|
2024-12-6 23:15 |
2024-12-6 |
|
31
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Pie Register Premium allows Reflected XSS. This issue affects Pie Register Premium: from …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-53821
|
2024-12-6 23:15 |
2024-12-6 |
|
32
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Captivate Audio Ltd Captivate Sync allows Stored XSS. This issue affects Captivate Sync: from n/a …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-53820
|
2024-12-6 23:15 |
2024-12-6 |
|
33
|
- |
-
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Acowebs Product Labels For Woocommerce allows Blind SQL Injection. This issue affects Product Labe…
New
|
CWE-89
SQL Injection
|
CVE-2024-53817
|
2024-12-6 23:15 |
2024-12-6 |
|
34
|
- |
-
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Blind SQL Injection. This issue affects Pinpoint Boo…
New
|
-
|
CVE-2024-53815
|
2024-12-6 23:15 |
2024-12-6 |
|
35
|
- |
-
|
-
|
-
|
Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Travel: from n/a through 9.6.0.
New
|
CWE-862
Missing Authorization
|
CVE-2024-53813
|
2024-12-6 23:15 |
2024-12-6 |
|
36
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacques Malgrange WP GeoNames allows Reflected XSS. This issue affects WP GeoNames: from n/a throu…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-53812
|
2024-12-6 23:15 |
2024-12-6 |
|
37
|
- |
-
|
-
|
-
|
Unrestricted Upload of File with Dangerous Type vulnerability in POSIMYTH WDesignkit allows Upload a Web Shell to a Web Server. This issue affects WDesignkit: from n/a through 1.0.40.
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-53811
|
2024-12-6 23:15 |
2024-12-6 |
|
38
|
- |
-
|
-
|
-
|
Missing Authorization vulnerability in Najeeb Ahmad Simple User Registration allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Simple User Registration: from n/a thro…
New
|
-
|
CVE-2024-53810
|
2024-12-6 23:15 |
2024-12-6 |
|
39
|
- |
-
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Namaste! LMS allows Cross Site Request Forgery. This issue affects Namaste! LMS: from n/a through 2.6.4.1.
New
|
CWE-352
Origin Validation Error
|
CVE-2024-53809
|
2024-12-6 23:15 |
2024-12-6 |
|
40
|
- |
-
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows SQL Injection. This issue affects NEX-Forms – Ultim…
New
|
CWE-89
SQL Injection
|
CVE-2024-53808
|
2024-12-6 23:15 |
2024-12-6 |
|
41
|
- |
-
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in brandtoss WP Mailster allows Blind SQL Injection. This issue affects WP Mailster: from n/a through…
New
|
CWE-89
SQL Injection
|
CVE-2024-53807
|
2024-12-6 23:15 |
2024-12-6 |
|
42
|
- |
-
|
-
|
-
|
Missing Authorization vulnerability in WpMaspik Maspik – Spam blacklist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Maspik – Spam blacklist: from n/a th…
New
|
CWE-862
Missing Authorization
|
CVE-2024-53806
|
2024-12-6 23:15 |
2024-12-6 |
|
43
|
- |
-
|
-
|
-
|
Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Mailster: from n/a through 1.8.16.0.
New
|
-
|
CVE-2024-53805
|
2024-12-6 23:15 |
2024-12-6 |
|
44
|
- |
-
|
-
|
-
|
Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data. This issue affects WP Mailster: from n/a through 1.8.16.0.
New
|
-
|
CVE-2024-53804
|
2024-12-6 23:15 |
2024-12-6 |
|
45
|
- |
-
|
-
|
-
|
Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Mailster: from n/a through 1.8.16.0.
New
|
CWE-862
Missing Authorization
|
CVE-2024-53803
|
2024-12-6 23:15 |
2024-12-6 |
|
46
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FuturioWP Futurio Extra allows Stored XSS. This issue affects Futurio Extra: from n/a through 2.0.…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-53802
|
2024-12-6 23:15 |
2024-12-6 |
|
47
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a thr…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-53801
|
2024-12-6 23:15 |
2024-12-6 |
|
48
|
- |
-
|
-
|
-
|
Missing Authorization vulnerability in BAKKBONE Australia FloristPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FloristPress: from n/a through 7.3.0.
New
|
CWE-862
Missing Authorization
|
CVE-2024-53799
|
2024-12-6 23:15 |
2024-12-6 |
|
49
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS. This issue affects Beaver Builder: from …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-53797
|
2024-12-6 23:15 |
2024-12-6 |
|
50
|
- |
-
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows DOM-Based XSS. This issue affects Themesflat Add…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-53796
|
2024-12-6 23:15 |
2024-12-6 |
|