141 | 4.3 | MEDIUM | Network | liferay | digital_experience_platform liferay_portal | The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a lis… | Update | CWE-862 Missing Authorization | CVE-2023-3426 | 2024-10-3 01:15 | 2023-08-2
142 | 9.8 | CRITICAL | Network | artbees | jupiter_x_core | The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This m… | Update | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-7772 | 2024-10-3 01:10 | 2024-09-26
143 | 6.5 | MEDIUM | Network | mmrs151 | daily_prayer_time | The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'max_word' attribute of the 'quran_verse' shortcode in all versions up to, and including, 2024.08.26 due to insuffici… | Update | CWE-89 SQL Injection | CVE-2024-8621 | 2024-10-3 01:10 | 2024-09-25
144 | 6.1 | MEDIUM | Network | xtendify | simple_calendar | The Simple Calendar – Google Calendar Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versio… | Update | CWE-79 Cross-site Scripting | CVE-2024-8549 | 2024-10-3 01:04 | 2024-09-25
145 | 6.1 | MEDIUM | Network | itpathsolutions | contact_form_to_any_api | The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.2 due to insufficient input sani… | Update | CWE-79 Cross-site Scripting | CVE-2024-7617 | 2024-10-3 01:02 | 2024-09-25
146 | 6.1 | MEDIUM | Network | ellevo | ellevo | A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL. | Update | CWE-79 Cross-site Scripting | CVE-2024-46655 | 2024-10-3 00:40 | 2024-09-26
147 | 7.5 | HIGH | Network | nokia | service_router_linux service_router_operating_system | Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-tolerance is not enabled, mishandle BGP path attributes. | Update | NVD-CWE-noinfo | CVE-2023-41376 | 2024-10-3 00:35 | 2023-08-30
148 | 7.8 | HIGH | Local | pagekit | pagekit | An issue in Pagekit pagekit v.1.0.18 allows a remote attacker to execute arbitrary code via the downloadAction and updateAction functions in UpdateController.php. | Update | NVD-CWE-noinfo | CVE-2023-41005 | 2024-10-3 00:35 | 2023-08-29
149 | 9.8 | CRITICAL | Network | atlassian | crowd | Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API u… | Update | NVD-CWE-noinfo | CVE-2022-43782 | 2024-10-3 00:35 | 2022-11-17
150 | 9.8 | CRITICAL | Network | atlassian | bitbucket | There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arb… | Update | CWE-77 Command Injection | CVE-2022-43781 | 2024-10-3 00:35 | 2022-11-17