| 711 | 4.3 MEDIUM | Network | multiparcels | multiparcels_shipping_for_woocommerce | The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have a CSRF check when deleting a shipment, allowing attackers to make any logged-in user delete arbitrary shipment vi… | - | CVE-2023-3366 | 2024-10-4 05:35 | 2023-08-22 |
| 712 | 8.8 HIGH | Network | google | chrome | Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap … | CWE-416 Use After Free | CVE-2023-2458 | 2024-10-4 05:35 | 2023-05-13 |
| 713 | 8.8 HIGH | Network | google | chrome | Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. (Chromium se… | CWE-787 Out-of-bounds Write | CVE-2023-2457 | 2024-10-4 05:35 | 2023-05-13 |
| 714 | 8.6 HIGH | Network | cisco | ios_xe | A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition o… | NVD-CWE-noinfo | CVE-2024-20467 | 2024-10-4 05:09 | 2024-09-26 |
| 715 | 8.6 HIGH | Network | cisco | ios_xe | A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric edge nodes could allow an unauthenticated, remote attacker to cause high CPU utiliz… | CWE-670 Always-Incorrect Control Flow Implementation | CVE-2024-20480 | 2024-10-4 05:07 | 2024-09-26 |
| 716 | 4.3 MEDIUM | Network | gestsup | gestsup | A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request. | CWE-352 Origin Validation Error | CVE-2023-52060 | 2024-10-4 04:58 | 2024-02-13 |
| 717 | 5.4 MEDIUM | Network | trendmicro | interscan_web_security_virtual_appliance | A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note… | CWE-79 Cross-site Scripting | CVE-2024-36359 | 2024-10-4 04:49 | 2024-06-11 |
| 718 | 7.8 HIGH | Local | aveva | pi_asset_framework_client | There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socia… | CWE-502 Deserialization of Untrusted Data | CVE-2024-3467 | 2024-10-4 04:47 | 2024-06-13 |
| 719 | 4.9 MEDIUM | Network | elastic | elasticsearch | A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in… | CWE-787 Out-of-bounds Write | CVE-2024-37280 | 2024-10-4 04:37 | 2024-06-14 |
| 720 | 4.6 MEDIUM | Physical | motorola | vigilant_fixed_lpr_coms_box_firmware | An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text. | CWE-312 Cleartext Storage of Sensitive Information | CVE-2024-38280 | 2024-10-4 04:36 | 2024-06-14 |