| 591 | 5.3 | MEDIUM Network | ba-booking | ba_book_everything | The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all versions up to, and including, 1.6.20. This is due to the reset_user_password() function not verifying a u… | Update | NVD-CWE-Other | CVE-2024-8794 | 2024-09-27 01:23 | 2024-09-24 |
| 592 | 6.1 | MEDIUM Network | ninjaforms | ninja_forms_file_uploads | The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. RTX file) in all versions up to, and including, 3.3.16 due to insufficient … | Update | CWE-79 Cross-site Scripting | CVE-2024-1596 | 2024-09-27 01:23 | 2024-09-7 |
| 593 | 5.4 | MEDIUM Network | master-addons | master_addons | The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-jltma-wrapper-link element… | Update | CWE-79 Cross-site Scripting | CVE-2024-6282 | 2024-09-27 01:19 | 2024-09-10 |
| 594 | 4.3 | MEDIUM Network | - | - | The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capa… | New | CWE-862 Missing Authorization | CVE-2024-8771 | 2024-09-27 01:15 | 2024-09-27 |
| 595 | 4.4 | MEDIUM Network | - | - | A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext. | New | CWE-312 Cleartext Storage of Sensitive Information | CVE-2024-7259 | 2024-09-27 01:15 | 2024-09-27 |
| 596 | - | | - | - | Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function. | New | - | CVE-2024-46632 | 2024-09-27 01:15 | 2024-09-27 |
| 597 | - | | - | - | A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital Management System version 6.3.5. The vulnerability allows an attacker to craft a malicious HTML form that submits a r… | New | - | CVE-2024-45983 | 2024-09-27 01:15 | 2024-09-27 |
| 598 | 7.2 | HIGH Network | - | - | IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request. | New | CWE-502 Deserialization of Untrusted Data | CVE-2024-43191 | 2024-09-27 01:15 | 2024-09-27 |
| 599 | - | | - | - | aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object… | New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2024-39319 | 2024-09-27 01:15 | 2024-09-27 |
| 600 | - | | - | - | Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0. | Update | - | CVE-2024-46957 | 2024-09-27 01:15 | 2024-09-25 |