551
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8800
|
2024-10-2 17:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
552
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up …
New
|
CWE-94
Code Injection
|
CVE-2024-8254
|
2024-10-2 16:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
553
|
- |
|
-
|
-
|
Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows authenticated user to access limited amount of documents via incorrect access control list calculation
New
|
-
|
CVE-2024-9333
|
2024-10-2 15:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
554
|
- |
|
-
|
-
|
Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI
New
|
-
|
CVE-2024-9174
|
2024-10-2 15:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
555
|
- |
|
-
|
-
|
The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to…
New
|
-
|
CVE-2024-7315
|
2024-10-2 15:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
556
|
- |
|
-
|
-
|
PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection via shell metacharacters in a Software Update to processing.php.
New
|
-
|
CVE-2024-44610
|
2024-10-2 15:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
557
|
9.8 |
CRITICAL
Network
-
|
-
|
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates.
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-1083
|
2024-10-2 15:15 |
2024-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
558
|
5.3 |
MEDIUM
Local
|
wago
|
compact_controller_100_firmware edge_controller_firmware pfc100_firmware pfc200_firmware touch_panel_600_advanced_firmware touch_panel_600_marine_firmware touch_panel_600_standard_f…
|
Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privile…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2023-3379
|
2024-10-2 15:15 |
2023-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
559
|
8.8 |
HIGH
Network
|
codesys
|
development_system
|
In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received…
Update
|
CWE-940
Improper Verification of Source of a Communication Channel
|
CVE-2023-3663
|
2024-10-2 15:15 |
2023-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
560
|
8.8 |
HIGH
Network
|
taphome
|
core_firmware
|
A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. The attacker may…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2023-2759
|
2024-10-2 15:15 |
2023-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|