71
|
6.1 |
MEDIUM
Network
|
leira
|
cron_jobs
|
The Cron Jobs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9.…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8731
|
2024-09-27 04:43 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
72
|
- |
|
-
|
-
|
The goTenna Pro series use AES CTR mode for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to any attacker that can access the message.
New
|
CWE-353
Missing Support for Integrity Check
|
CVE-2024-47123
|
2024-09-27 04:35 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
73
|
- |
|
-
|
-
|
A Cross Site Scripting (XSS) vulnerability in add_donor.php of Blood Bank And Donation Management System 1.0 allows an attacker to inject malicious scripts that will be executed when the Donor List i…
New
|
-
|
CVE-2024-45984
|
2024-09-27 04:35 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
74
|
9.8 |
CRITICAL
Network
dedecms
|
dedecms
|
DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php.
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2023-40784
|
2024-09-27 04:35 |
2023-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
75
|
7.8 |
HIGH
Local
|
raidenftpd
|
raidenftpd
|
Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary code via the Server name field of the Step by step setup wizard.
Update
|
CWE-120
Classic Buffer Overflow
|
CVE-2023-39063
|
2024-09-27 04:35 |
2023-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
76
|
8.0 |
HIGH
Adjacent
|
tp-link
|
archer_c3150_firmware
|
Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.
Update
|
CWE-78
OS Command
|
CVE-2023-38588
|
2024-09-27 04:35 |
2023-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
77
|
6.1 |
MEDIUM
Network
|
lucasstad
|
lucas_string_replace
|
The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includ…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8734
|
2024-09-27 04:30 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
78
|
5.4 |
MEDIUM
Network
|
khromov
|
email_obfuscate_shortcode
|
The Email Obfuscate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email-obfuscate' shortcode in all versions up to, and including, 2.0 due to insuffici…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8747
|
2024-09-27 04:23 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
79
|
6.1 |
MEDIUM
Network
|
kubiq
|
pdf_thumbnail_generator
|
The PDF Thumbnail Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and inc…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8737
|
2024-09-27 04:18 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
80
|
4.3 |
MEDIUM
Network
|
sentry
|
sentry
|
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-45606
|
2024-09-27 04:16 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|