2091
|
9.8 |
CRITICAL
Network
tenda
|
ch22_firmware
|
Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function.
|
CWE-787
Out-of-bounds Write
|
CVE-2024-46045
|
2024-09-20 09:34 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2092
|
9.8 |
CRITICAL
Network
tenda
|
ch22_firmware
|
CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function.
|
CWE-787
Out-of-bounds Write
|
CVE-2024-46044
|
2024-09-20 09:34 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2093
|
7.8 |
HIGH
Local
|
intelbras
|
incontrol
|
A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted s…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2024-6080
|
2024-09-20 09:27 |
2024-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2094
|
8.8 |
HIGH
Network
|
yotuwp
|
video_gallery
|
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This …
|
NVD-CWE-Other
|
CVE-2024-4551
|
2024-09-20 09:24 |
2024-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2095
|
6.3 |
MEDIUM
Network
|
ali2woo
|
aliexpress_dropshipping_with_alinext
|
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in …
|
CWE-862
Missing Authorization
|
CVE-2024-4450
|
2024-09-20 09:22 |
2024-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2096
|
9.8 |
CRITICAL
Network
yotuwp
|
video_gallery
|
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. Thi…
|
NVD-CWE-Other
|
CVE-2024-4258
|
2024-09-20 09:21 |
2024-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2097
|
8.8 |
HIGH
Network
|
ali2woo
|
aliexpress_dropshipping_with_alinext
|
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, a…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-2381
|
2024-09-20 09:18 |
2024-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2098
|
5.9 |
MEDIUM
Network
|
consensys
|
gnark-crypto
|
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property…
|
NVD-CWE-noinfo
|
CVE-2024-45040
|
2024-09-20 09:13 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2099
|
6.2 |
MEDIUM
Local
|
consensys
|
gnark-crypto
|
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover …
|
NVD-CWE-noinfo
|
CVE-2024-45039
|
2024-09-20 09:12 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2100
|
8.8 |
HIGH
Network
|
thimpress
|
wp_events_manager
|
The WP Events Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 2.1.11 due to insufficient escaping on the user su…
|
CWE-89
SQL Injection
|
CVE-2024-7717
|
2024-09-20 09:08 |
2024-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|