801 | 9.8 | CRITICAL | Network | razormist | telecom_billing_management_system | A vulnerability has been found in SourceCodester Telecom Billing Management System 1.0 and classified as critical. This vulnerability affects the function login. The manipulation of the argument unam… | CWE-120 Classic Buffer Overflow | CVE-2024-9088 | 2024-09-27 00:19 | 2024-09-23
802 | 9.8 | CRITICAL | Network | vehicle_management_project | vehicle_management | A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. This affects an unknown part of the file /edit1.php. The manipulation of the argument sno leads t… | CWE-89 SQL Injection | CVE-2024-9087 | 2024-09-27 00:16 | 2024-09-23
803 | 5.4 | MEDIUM | Network | theme-fusion | avada | The Avada \| Website Builder For WordPress & eCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusion_button shortcode in all versions up to, and including, … | CWE-79 Cross-site Scripting | CVE-2024-5628 | 2024-09-27 00:14 | 2024-09-13
804 | 4.3 | MEDIUM | Network | realestateconnected | easy_property_listings | The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack | CWE-352 Origin Validation Error | CVE-2024-3163 | 2024-09-27 00:13 | 2024-09-12
805 | 7.5 | HIGH | Network | tamparongj_03 | online_graduate_tracer_system | A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /tracking/admin/fetch_it.php… | CWE-89 SQL Injection | CVE-2024-7845 | 2024-09-27 00:10 | 2024-08-16
806 | 6.1 | MEDIUM | Network | wpfactory | wpfactory_helper | The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including,… | CWE-79 Cross-site Scripting | CVE-2024-8656 | 2024-09-27 00:04 | 2024-09-13
807 | 6.1 | MEDIUM | Network | redhat | build_of_keycloak keycloak | An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. … | CWE-601 Open Redirect | CVE-2024-7260 | 2024-09-27 00:01 | 2024-09-10
808 | 6.1 | MEDIUM | Network | amcharts | amcharts\ | The amCharts: Charts and Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'amcharts_javascript' parameter in all versions up to, and including, 1.4.4 due to the abili… | CWE-79 Cross-site Scripting | CVE-2024-8622 | 2024-09-26 23:59 | 2024-09-12
809 | 8.1 | HIGH | Network | strapi | strapi | Strapi is an open-source content management system. By combining two vulnerabilities (an `Open Redirect` and `session token sent as URL query parameter`) in @strapi/plugin-users-permissions before ve… | CWE-601 Open Redirect, CWE-294 Authentication Bypass by Capture-replay | CVE-2024-34065 | 2024-09-26 23:55 | 2024-06-13
810 | 6.5 | MEDIUM | Network | strapi | strapi | Strapi is an open-source content management system. Prior to version 4.22.0, a denial-of-service vulnerability is present in the media upload process causing the server to crash without restarting, a… | NVD-CWE-Other | CVE-2024-31217 | 2024-09-26 23:53 | 2024-06-13