41
|
- |
|
-
|
-
|
A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device.&n…
New
|
-
|
CVE-2024-20385
|
2024-10-3 02:15 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
42
|
- |
|
-
|
-
|
A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to pe…
New
|
-
|
CVE-2024-20365
|
2024-10-3 02:15 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
43
|
6.1 |
MEDIUM
Network
|
dotsquares
|
contact_form_7_math_captcha
|
The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-6517
|
2024-10-3 02:15 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
44
|
6.1 |
MEDIUM
Network
|
madfishdigital
|
bulk_noindex_\&_nofollow_toolkit
|
The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8803
|
2024-10-3 02:15 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
45
|
2.7 |
LOW
Network
|
uncannyowl
|
uncanny_groups_for_learndash
|
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions …
Update
|
CWE-862
Missing Authorization
|
CVE-2024-8350
|
2024-10-3 02:10 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
46
|
5.4 |
MEDIUM
Network
|
wangbin
|
012_ps_multi_languages
|
The 012 Ps Multi Languages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via translated titles in all versions up to, and including, 1.6 due to insufficient input sanitization and…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8723
|
2024-10-3 02:00 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
47
|
4.3 |
MEDIUM
Network
|
wpchill
|
download_monitor
|
The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enable_shop() function in all versions up to, and including, 5.0.…
Update
|
CWE-862
Missing Authorization
|
CVE-2024-8552
|
2024-10-3 02:00 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
48
|
5.4 |
MEDIUM
Network
|
zkteco
|
wdms
|
Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2023-51157
|
2024-10-3 01:58 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
49
|
7.2 |
HIGH
Network
|
uncannyowl
|
uncanny_groups_for_learndash
|
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what user…
Update
|
CWE-862
Missing Authorization
|
CVE-2024-8349
|
2024-10-3 01:50 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
50
|
6.5 |
MEDIUM
Network
|
madrasthemes
|
mas_static_content
|
The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.8 via the static_content() function. This makes it possible for authenticat…
Update
|
NVD-CWE-noinfo
|
CVE-2024-8483
|
2024-10-3 01:42 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|