1601
|
- |
|
-
|
-
|
Inadequate Encryption Strength vulnerability in Apache Answer.
This issue affects Apache Answer: through 1.3.5.
Using the MD5 value of a user's email to access Gravatar is insecure and can lead to …
|
-
|
CVE-2024-40761
|
2024-09-26 22:32 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1602
|
- |
|
-
|
-
|
Apache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content.
Th…
|
CWE-269
Improper Privilege Management
|
CVE-2024-23454
|
2024-09-26 22:32 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1603
|
- |
|
-
|
-
|
The adstxt Plugin WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
|
-
|
CVE-2024-7892
|
2024-09-26 22:32 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1604
|
- |
|
-
|
-
|
The Chatbot with ChatGPT WordPress plugin before 2.4.6 does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, t…
|
-
|
CVE-2024-6845
|
2024-09-26 22:32 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1605
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tooltip…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8668
|
2024-09-26 22:32 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1606
|
5.3 |
MEDIUM
Network
-
|
-
|
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woof_messenger_re…
|
CWE-862
Missing Authorization
|
CVE-2024-7491
|
2024-09-26 22:32 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1607
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Premium Packages – Sell Digital Products Securely plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.9.1. This is due to missing nonce valida…
|
CWE-352
Origin Validation Error
|
CVE-2024-7386
|
2024-09-26 22:32 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1608
|
- |
|
-
|
-
|
External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls.Thi…
|
CWE-73 CWE-732
External Control of File Name or Path Incorrect Permission Assignment for Critical Resource
|
CVE-2024-9142
|
2024-09-26 22:32 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1609
|
- |
|
-
|
-
|
Cross-Site Scripting (XSS) vulnerability in the Oct8ne system. This flaw could allow an attacker to embed harmful JavaScript code into the body of a chat message. This manipulation occurs when the ch…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9141
|
2024-09-26 22:32 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1610
|
- |
|
-
|
-
|
Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
|
-
|
CVE-2024-9123
|
2024-09-26 22:32 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|