501
|
5.4 |
MEDIUM
Network
|
hasthemes
|
ht_mega
|
The “HT Mega – Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2021-24261
|
2024-10-4 02:35 |
2021-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
502
|
8.8 |
HIGH
Network
|
atlassian
|
confluence_data_center confluence_server jira_service_management jira_data_center jira_server crucible fisheye crowd bitbucket bamboo jira_service_desk
|
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlass…
Update
|
CWE-346
Origin Validation Error
|
CVE-2022-26137
|
2024-10-4 02:35 |
2022-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
503
|
9.8 |
CRITICAL
Network
atlassian
|
confluence_data_center confluence_server jira_service_management jira_data_center jira_server crucible fisheye crowd bitbucket bamboo jira_service_desk
|
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by …
Update
|
CWE-287
Improper Authentication
|
CVE-2022-26136
|
2024-10-4 02:35 |
2022-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
504
|
4.3 |
MEDIUM
Network
|
hasthemes
|
ht_mega
|
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.5 via the render function in includes/widget…
Update
|
NVD-CWE-noinfo
|
CVE-2024-8910
|
2024-10-4 02:34 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
505
|
6.1 |
MEDIUM
Network
|
hasthemes
|
ht_mega
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega – Absolute Addons For Elementor allows Reflected XSS.This issue affects HT Mega…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2023-50901
|
2024-10-4 02:34 |
2023-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
506
|
4.3 |
MEDIUM
Network
|
elastic
|
kibana
|
A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting …
Update
|
NVD-CWE-Other
|
CVE-2024-37279
|
2024-10-4 02:33 |
2024-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
507
|
4.6 |
MEDIUM
Physics
|
motorola
|
vigilant_fixed_lpr_coms_box_firmware
|
The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes.
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-38279
|
2024-10-4 02:32 |
2024-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
508
|
8.8 |
HIGH
Adjacent
|
silabs
|
gecko_os
|
Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected insta…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2024-23938
|
2024-10-4 02:29 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
509
|
5.3 |
MEDIUM
Network
wpfactory
|
eu\/uk_vat_manager_for_woocommerce
|
The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the alg_wc_eu_vat_exempt_vat_from_admin() function i…
Update
|
CWE-862
Missing Authorization
|
CVE-2024-9189
|
2024-10-4 02:26 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
510
|
6.1 |
MEDIUM
Network
|
wpfactory
|
eu\/uk_vat_manager_for_woocommerce
|
The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up t…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8788
|
2024-10-4 02:25 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|