941
|
6.1 |
MEDIUM
Network
|
michalaugustyniak
|
misiek_paypal
|
The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin a…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7861
|
2024-09-28 05:52 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
942
|
8.0 |
HIGH
Adjacent
|
tp-link
|
archer_ax50_firmware archer_a10_firmware archer_ax10_firmware archer_ax11000_firmware
|
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer A…
|
CWE-78
OS Command
|
CVE-2023-40357
|
2024-09-28 05:35 |
2023-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
943
|
5.4 |
MEDIUM
Network
|
isarnet
|
isarflow
|
A stored cross-site scripting (XSS) vulnerability in IsarNet AG IsarFlow v5.23 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the dashboa…
|
CWE-79
Cross-site Scripting
|
CVE-2023-34637
|
2024-09-28 05:35 |
2023-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
944
|
- |
|
-
|
-
|
Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.
|
-
|
CVE-2024-24698
|
2024-09-28 05:15 |
2024-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
945
|
6.5 |
MEDIUM
Network
|
zoom
|
meeting_software_development_kit video_software_development_kit zoom
|
Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access.
|
NVD-CWE-Other
|
CVE-2023-43585
|
2024-09-28 05:15 |
2023-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
946
|
7.8 |
HIGH
Local
|
zoom
|
rooms
|
Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
|
NVD-CWE-noinfo
|
CVE-2023-43591
|
2024-09-28 05:15 |
2023-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
947
|
6.5 |
MEDIUM
Network
|
zoom
|
meeting_software_development_kit zoom virtual_desktop_infrastructure
|
Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access.
|
CWE-287
Improper Authentication
|
CVE-2023-39215
|
2024-09-28 05:15 |
2023-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
948
|
8.1 |
HIGH
Network
|
zoom
|
meeting_software_development_kit rooms zoom
|
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2023-39214
|
2024-09-28 05:15 |
2023-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
949
|
9.8 |
CRITICAL
Network
zoom
|
virtual_desktop_infrastructure zoom
|
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network acc…
|
CWE-74
Injection
|
CVE-2023-39213
|
2024-09-28 05:15 |
2023-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
950
|
7.5 |
HIGH
Network
zoom
|
meeting_software_development_kit video_software_development_kit
|
Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access.
|
NVD-CWE-noinfo
|
CVE-2023-39217
|
2024-09-28 05:15 |
2023-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|