141 | - | | - | - | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Linux and Microsoft Windows Octopus Server on Windows, Linux allows SQL Injection. This issue affe… | New | - | CVE-2024-9194 | 2024-10-2 00:35 | 2024-10-1
142 | - | | - | - | An issue in the _readFileSync function of Simple-Spellchecker v1.0.2 allows attackers to read arbitrary files via a directory traversal. | New | - | CVE-2024-46503 | 2024-10-2 00:35 | 2024-10-1
143 | - | | - | - | The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embedded, which could allow use… | New | - | CVE-2024-8536 | 2024-10-2 00:35 | 2024-09-30
144 | - | | - | - | The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a… | New | - | CVE-2024-8379 | 2024-10-2 00:35 | 2024-09-30
145 | 4.8 | MEDIUM Network | codepeople | contact_form_email | The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting at… | Update | CWE-79 Cross-site Scripting | CVE-2023-5955 | 2024-10-2 00:35 | 2023-12-12
146 | 5.3 | MEDIUM Network | wpbrigade | simple_social_buttons | The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags | Update | NVD-CWE-noinfo | CVE-2023-5845 | 2024-10-2 00:35 | 2023-11-28
147 | 4.3 | MEDIUM Network | limitloginattempts | limit_login_attempts_reloaded | The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update stat… | Update | CWE-862 Missing Authorization | CVE-2023-5525 | 2024-10-2 00:35 | 2023-11-28
148 | 5.4 | MEDIUM Network | thimpress | wp_hotel_booking | The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated user… | Update | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2023-5651 | 2024-10-2 00:35 | 2023-11-21
149 | 9.1 | CRITICAL Network | atlassian | jira_service_management | An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management inst… | Update | CWE-287 Improper Authentication | CVE-2023-22501 | 2024-10-2 00:35 | 2023-02-2
150 | 7.8 | HIGH Local | microsoft, git_for_windows_project | visual_studio_2022, visual_studio_2017, visual_studio_2019, git_for_windows | GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account. | Update | CWE-427 Uncontrolled Search Path Element | CVE-2022-24767 | 2024-10-2 00:35 | 2022-04-13