2001 | 6.3 | MEDIUM | Network | ali2woo | aliexpress_dropshipping_with_alinext | The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in … | CWE-862 Missing Authorization | CVE-2024-4450 | 2024-09-20 09:22 | 2024-06-19
2002 | 9.8 | CRITICAL | Network | yotuwp | video_gallery | The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. Thi… | NVD-CWE-Other | CVE-2024-4258 | 2024-09-20 09:21 | 2024-06-15
2003 | 8.8 | HIGH | Network | ali2woo | aliexpress_dropshipping_with_alinext | The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, a… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-2381 | 2024-09-20 09:18 | 2024-06-19
2004 | 5.9 | MEDIUM | Network | consensys | gnark-crypto | gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property… | NVD-CWE-noinfo | CVE-2024-45040 | 2024-09-20 09:13 | 2024-09-6
2005 | 6.2 | MEDIUM | Local | consensys | gnark-crypto | gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover … | NVD-CWE-noinfo | CVE-2024-45039 | 2024-09-20 09:12 | 2024-09-6
2006 | 8.8 | HIGH | Network | thimpress | wp_events_manager | The WP Events Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 2.1.11 due to insufficient escaping on the user su… | CWE-89 SQL Injection | CVE-2024-7717 | 2024-09-20 09:08 | 2024-08-31
2007 | 5.3 | MEDIUM | Network | wpcerber | cerber_security_antispam_\&_malware_scan | The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it … | NVD-CWE-noinfo | CVE-2022-4100 | 2024-09-20 09:08 | 2024-08-31
2008 | 5.3 | MEDIUM | Network | youtag | ip-vault-wp-firewall | The IP Vault – WP Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1. This is due to insufficient restrictions on where the IP Address informatio… | NVD-CWE-Other | CVE-2022-4536 | 2024-09-20 09:04 | 2024-08-31
2009 | 6.3 | MEDIUM | Network | microsoft | edge_chromium | Microsoft Edge (HTML-based) Memory Corruption Vulnerability | CWE-787 Out-of-bounds Write | CVE-2024-38207 | 2024-09-20 07:15 | 2024-08-24
2010 | 7.8 | HIGH | Local | microsoft | edge_chromium | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | CWE-125 Out-of-bounds Read | CVE-2024-38210 | 2024-09-20 07:15 | 2024-08-23