901
|
6.1 |
MEDIUM
Network
|
instawp
|
string_locator
|
The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitizati…
|
CWE-79
Cross-site Scripting
|
CVE-2023-6987
|
2024-09-27 07:34 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
902
|
5.4 |
MEDIUM
Network
|
themeisle
|
orbit_fox
|
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization …
|
CWE-79
Cross-site Scripting
|
CVE-2024-7778
|
2024-09-27 07:22 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
903
|
9.8 |
CRITICAL
Network
silabs
|
emberznet
|
TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outsi…
|
CWE-672 CWE-772
Operation on a Resource after Expiration or Release Missing Release of Resource after Effective Lifetime
|
CVE-2023-41094
|
2024-09-27 07:15 |
2023-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
904
|
7.5 |
HIGH
Network
hashicorp
|
vault
|
The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2023-5077
|
2024-09-27 07:15 |
2023-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
905
|
4.9 |
MEDIUM
Network
|
hashicorp
|
vault
|
A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, poten…
|
NVD-CWE-noinfo
|
CVE-2023-3775
|
2024-09-27 07:15 |
2023-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
906
|
4.9 |
MEDIUM
Network
|
hashicorp
|
vault
|
An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2023-3774
|
2024-09-27 07:15 |
2023-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
907
|
6.5 |
MEDIUM
Network
|
mediajedi
|
user_private_files
|
The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'dpk_upvf_update_doc'…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-7848
|
2024-09-27 07:12 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
908
|
5.3 |
MEDIUM
Network
maxfoundry
|
maxbuttons
|
The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it possible for unauthenticated attackers to …
|
NVD-CWE-noinfo
|
CVE-2024-6499
|
2024-09-27 07:07 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
909
|
5.4 |
MEDIUM
Network
|
pixelgrade
|
nova_blocks
|
The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including, 2…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8241
|
2024-09-27 07:03 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
910
|
4.3 |
MEDIUM
Network
|
themeum
|
tutor_lms
|
The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4. This is due to missing or incorrect nonce validation on the 'addon_enable_disab…
|
CWE-352
Origin Validation Error
|
CVE-2023-2919
|
2024-09-27 06:59 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|