231
|
- |
|
-
|
-
|
A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device.
This vulnerability…
New
|
-
|
CVE-2024-20441
|
2024-10-3 02:15 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
232
|
- |
|
-
|
-
|
A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device.
This vulnerability exists becaus…
New
|
-
|
CVE-2024-20438
|
2024-10-3 02:15 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
233
|
- |
|
-
|
-
|
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack agains…
New
|
-
|
CVE-2024-20432
|
2024-10-3 02:15 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
234
|
- |
|
-
|
-
|
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate pr…
New
|
-
|
CVE-2024-20393
|
2024-10-3 02:15 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
235
|
- |
|
-
|
-
|
A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device.&n…
New
|
-
|
CVE-2024-20385
|
2024-10-3 02:15 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
236
|
- |
|
-
|
-
|
A vulnerability in the Redfish API of Cisco UCS B-Series, Cisco UCS Managed C-Series, and Cisco UCS X-Series Servers could allow an authenticated, remote attacker with administrative privileges to pe…
New
|
-
|
CVE-2024-20365
|
2024-10-3 02:15 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
237
|
6.1 |
MEDIUM
Network
|
dotsquares
|
contact_form_7_math_captcha
|
The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-6517
|
2024-10-3 02:15 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
238
|
6.1 |
MEDIUM
Network
|
madfishdigital
|
bulk_noindex_\&_nofollow_toolkit
|
The Bulk NoIndex & NoFollow Toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8803
|
2024-10-3 02:15 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
239
|
2.7 |
LOW
Network
|
uncannyowl
|
uncanny_groups_for_learndash
|
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions …
Update
|
CWE-862
Missing Authorization
|
CVE-2024-8350
|
2024-10-3 02:10 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
240
|
5.4 |
MEDIUM
Network
|
wangbin
|
012_ps_multi_languages
|
The 012 Ps Multi Languages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via translated titles in all versions up to, and including, 1.6 due to insufficient input sanitization and…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8723
|
2024-10-3 02:00 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|