1571
|
9.8 |
CRITICAL
Network
dedecms
|
dedecms
|
DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2023-40784
|
2024-09-27 04:35 |
2023-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1572
|
7.8 |
HIGH
Local
|
raidenftpd
|
raidenftpd
|
Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary code via the Server name field of the Step by step setup wizard.
|
CWE-120
Classic Buffer Overflow
|
CVE-2023-39063
|
2024-09-27 04:35 |
2023-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1573
|
8.0 |
HIGH
Adjacent
|
tp-link
|
archer_c3150_firmware
|
Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.
|
CWE-78
OS Command
|
CVE-2023-38588
|
2024-09-27 04:35 |
2023-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1574
|
6.1 |
MEDIUM
Network
|
lucasstad
|
lucas_string_replace
|
The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includ…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8734
|
2024-09-27 04:30 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1575
|
5.4 |
MEDIUM
Network
|
khromov
|
email_obfuscate_shortcode
|
The Email Obfuscate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email-obfuscate' shortcode in all versions up to, and including, 2.0 due to insuffici…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8747
|
2024-09-27 04:23 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1576
|
6.1 |
MEDIUM
Network
|
kubiq
|
pdf_thumbnail_generator
|
The PDF Thumbnail Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and inc…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8737
|
2024-09-27 04:18 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1577
|
4.3 |
MEDIUM
Network
|
sentry
|
sentry
|
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-45606
|
2024-09-27 04:16 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1578
|
- |
|
-
|
-
|
SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availab…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-33008
|
2024-09-27 04:15 |
2024-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1579
|
- |
|
-
|
-
|
SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection v…
|
CWE-77
Command Injection
|
CVE-2024-22127
|
2024-09-27 04:15 |
2024-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1580
|
4.3 |
MEDIUM
Network
|
sap
|
business_one
|
SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. …
|
CWE-611
XXE
|
CVE-2023-41365
|
2024-09-27 04:15 |
2023-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|