661
|
9.8 |
CRITICAL
Network
oracle
|
weblogic_server
|
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-2628
|
2024-10-4 22:35 |
2018-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
662
|
4.8 |
MEDIUM
Network
|
funnyzpc
|
mee-admin
|
A vulnerability, which was classified as problematic, was found in funnyzpc Mee-Admin up to 1.6. This affects an unknown part of the file /mee/index of the component User Center. The manipulation of …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9279
|
2024-10-4 22:31 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
663
|
4.8 |
MEDIUM
Network
|
mage-people
|
ecab_taxi_booking_manager
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Taxi Booking Manager for WooCommerce allows Stored XSS.This issue affects …
|
CWE-79
Cross-site Scripting
|
CVE-2024-43986
|
2024-10-4 22:22 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
664
|
8.0 |
HIGH
Adjacent
|
apache
|
lucene
|
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.
This issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0.
The deprecated org.apache.lucene.replicat…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-45772
|
2024-10-4 22:20 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
665
|
4.8 |
MEDIUM
Network
|
delower
|
wp_to_do
|
The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This…
|
CWE-79
Cross-site Scripting
|
CVE-2024-3944
|
2024-10-4 22:19 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
666
|
5.3 |
MEDIUM
Network
funnelforms
|
funnelforms_free
|
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check o…
|
CWE-862
Missing Authorization
|
CVE-2024-5857
|
2024-10-4 21:59 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
667
|
4.3 |
MEDIUM
Network
|
volkov
|
wp_accessibility_helper
|
The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_contrast_variations' and 'save_empty_contrast_…
|
CWE-862
Missing Authorization
|
CVE-2024-5987
|
2024-10-4 21:56 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
668
|
8.8 |
HIGH
Network
|
mmrs151
|
daily_prayer_time
|
Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.03.08 versions.
|
CWE-352
Origin Validation Error
|
CVE-2023-27632
|
2024-10-4 21:53 |
2023-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
669
|
5.4 |
MEDIUM
Network
|
mmrs151
|
daily_prayer_time
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.05.04 versions.
|
CWE-79
Cross-site Scripting
|
CVE-2023-27631
|
2024-10-4 21:53 |
2023-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
670
|
5.4 |
MEDIUM
Network
|
mmrs151
|
daily_prayer_time
|
The Daily Prayer Time WordPress plugin before 2021.08.10 does not sanitise or escape some of its settings before outputting them in the page, leading to Authenticated Stored Cross-Site Scripting issu…
|
CWE-79
Cross-site Scripting
|
CVE-2021-24523
|
2024-10-4 21:53 |
2021-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|