| No. | CVSS | Severity | Attack vector | Vendor | Product | Summary | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 641 | 5.3 | MEDIUM | Network | funnelforms | funnelforms_free | The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check o… | CWE-862 Missing Authorization | CVE-2024-5857 | 2024-10-4 21:59 | 2024-08-29 |
| 642 | 4.3 | MEDIUM | Network | volkov | wp_accessibility_helper | The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_contrast_variations' and 'save_empty_contrast_… | CWE-862 Missing Authorization | CVE-2024-5987 | 2024-10-4 21:56 | 2024-08-29 |
| 643 | 8.8 | HIGH | Network | mmrs151 | daily_prayer_time | Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.03.08 versions. | CWE-352 Origin Validation Error | CVE-2023-27632 | 2024-10-4 21:53 | 2023-11-13 |
| 644 | 5.4 | MEDIUM | Network | mmrs151 | daily_prayer_time | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.05.04 versions. | CWE-79 Cross-site Scripting | CVE-2023-27631 | 2024-10-4 21:53 | 2023-06-22 |
| 645 | 5.4 | MEDIUM | Network | mmrs151 | daily_prayer_time | The Daily Prayer Time WordPress plugin before 2021.08.10 does not sanitise or escape some of its settings before outputting them in the page, leading to Authenticated Stored Cross-Site Scripting issu… | CWE-79 Cross-site Scripting | CVE-2021-24523 | 2024-10-4 21:53 | 2021-09-14 |
| 646 | 7.1 | HIGH | Network | redhat | keycloak single_sign-on build_of_keycloak | A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin opti… | CWE-384 Session Fixation | CVE-2024-7341 | 2024-10-4 21:48 | 2024-09-10 |
| 647 | 4.2 | MEDIUM | Network | redhat | quay | A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate despite not having access to the organization from which the… | NVD-CWE-Other | CVE-2024-5891 | 2024-10-4 21:32 | 2024-06-12 |
| 648 | 4.8 | MEDIUM | Network | podman_project redhat fedoraproject | podman enterprise_linux openshift_container_platform fedora | A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large … | CWE-400 Uncontrolled Resource Consumption | CVE-2024-3056 | 2024-10-4 21:31 | 2024-08-3 |
| 649 | 6.1 | MEDIUM | Network | - | - | The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL keys in all versions up to, and including, 4.9.66 due to insufficient input … | CWE-79 Cross-site Scripting | CVE-2024-9435 | 2024-10-4 16:15 | 2024-10-4 |
| 650 | - | - | - | - | - | No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. | - | CVE-2024-6444 | 2024-10-4 16:15 | 2024-10-4 |