1871
|
4.8 |
MEDIUM
Network
|
ninjaforms
|
ninja_forms
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a thro…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43999
|
2024-09-26 00:15 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1872
|
6.5 |
MEDIUM
Adjacent
|
apple
|
iphone_os ipados
|
This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A malicious Bluetooth input device may bypass pairing.
|
NVD-CWE-noinfo
|
CVE-2024-44124
|
2024-09-26 00:14 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1873
|
9.8 |
CRITICAL
Network
oracle
|
application_development_framework
|
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. E…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2022-21445
|
2024-09-26 00:14 |
2022-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1874
|
5.4 |
MEDIUM
Network
|
webhammer
|
wp_custom_fields_search
|
The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient …
|
CWE-79
Cross-site Scripting
|
CVE-2024-8364
|
2024-09-26 00:08 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1875
|
5.5 |
MEDIUM
Local
|
gpac
|
gpac
|
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been declared as problematic. This vulnerability affects the function xmt_node_end of the file src/scene_manager/loader_xmt.…
|
CWE-416
Use After Free
|
CVE-2024-6064
|
2024-09-26 00:08 |
2024-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1876
|
9.8 |
CRITICAL
Network
freeimage_project
|
freeimage
|
libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file.
|
CWE-787
Out-of-bounds Write
|
CVE-2024-31570
|
2024-09-25 23:57 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1877
|
9.8 |
CRITICAL
Network
spx
|
spx_graphics_controller
|
An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function.
|
CWE-94
Code Injection
|
CVE-2024-44623
|
2024-09-25 23:53 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1878
|
8.8 |
HIGH
Network
|
ontraport
|
pilotpress
|
Missing Authorization vulnerability in ONTRAPORT Inc. PilotPress.This issue affects PilotPress: from n/a through 2.0.30.
|
CWE-862
Missing Authorization
|
CVE-2024-23524
|
2024-09-25 23:48 |
2024-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1879
|
9.8 |
CRITICAL
Network
ergophone yealink
|
tiptel_ip_286_firmware sip-t28p_firmware
|
Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function.
|
CWE-22
Path Traversal
|
CVE-2024-33109
|
2024-09-25 23:47 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1880
|
9.8 |
CRITICAL
Network
closed-loop
|
cless_server
|
An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the u…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-40125
|
2024-09-25 23:46 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|