921
|
5.4 |
MEDIUM
Network
|
posimyth
|
the_plus_addons_for_elementor
|
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel_direction para…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5583
|
2024-09-27 09:47 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
922
|
8.1 |
HIGH
Network
|
pixeljar
|
favicon_generator
|
The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the output_sub_ad…
|
CWE-352
Origin Validation Error
|
CVE-2024-7568
|
2024-09-27 09:41 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
923
|
9.8 |
CRITICAL
Network
tosei-corporation
|
online_store_management_system
|
A vulnerability classified as critical was found in Tosei Online Store Management System ??????????? 4.02/4.03/4.04. This vulnerability affects unknown code of the component Backend. The manipulation…
|
NVD-CWE-noinfo
|
CVE-2024-7898
|
2024-09-27 09:34 |
2024-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
924
|
8.8 |
HIGH
Network
|
tosei
|
online_store_management_system
|
A vulnerability classified as critical has been found in Tosei Online Store Management System ??????????? 4.02/4.03/4.04. This affects an unknown part of the file /cgi-bin/tosei_kikai.php. The manipu…
|
CWE-77
Command Injection
|
CVE-2024-7897
|
2024-09-27 09:29 |
2024-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
925
|
- |
|
-
|
-
|
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs?. The memory leak happens in git…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2024-1394
|
2024-09-27 08:15 |
2024-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
926
|
5.4 |
MEDIUM
Network
|
risethemes
|
rt_easy_builder
|
The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2 due to insuffi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-2254
|
2024-09-27 07:36 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
927
|
6.1 |
MEDIUM
Network
|
instawp
|
string_locator
|
The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitizati…
|
CWE-79
Cross-site Scripting
|
CVE-2023-6987
|
2024-09-27 07:34 |
2024-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
928
|
5.4 |
MEDIUM
Network
|
themeisle
|
orbit_fox
|
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization …
|
CWE-79
Cross-site Scripting
|
CVE-2024-7778
|
2024-09-27 07:22 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
929
|
9.8 |
CRITICAL
Network
silabs
|
emberznet
|
TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outsi…
|
CWE-672 CWE-772
Operation on a Resource after Expiration or Release Missing Release of Resource after Effective Lifetime
|
CVE-2023-41094
|
2024-09-27 07:15 |
2023-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
930
|
7.5 |
HIGH
Network
hashicorp
|
vault
|
The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2023-5077
|
2024-09-27 07:15 |
2023-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|