1901
|
8.8 |
HIGH
Network
|
pickplugins
|
post_grid
|
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta value…
|
NVD-CWE-noinfo
|
CVE-2024-8253
|
2024-09-26 04:42 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1902
|
4.8 |
MEDIUM
Network
|
enviragallery
|
envira_gallery
|
The Gallery Plugin for WordPress WordPress plugin before 1.8.15 does not sanitise and escape some of its image settings, which could allow users with post-writing privilege such as Author to perform…
|
CWE-79
Cross-site Scripting
|
CVE-2024-3899
|
2024-09-26 04:37 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1903
|
4.8 |
MEDIUM
Network
|
gsplugins
|
gs_logo_slider
|
The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks e…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7716
|
2024-09-26 04:35 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1904
|
3.3 |
LOW
Local
|
notion
|
notion
|
Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with …
|
NVD-CWE-noinfo
|
CVE-2024-23743
|
2024-09-26 04:35 |
2024-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1905
|
7.8 |
HIGH
Local
|
insyde
|
insydeh2o
|
An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable name…
|
NVD-CWE-noinfo
|
CVE-2023-34195
|
2024-09-26 04:35 |
2023-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1906
|
9.8 |
CRITICAL
Network
hp
|
oneview
|
A remote authentication bypass issue exists in some
OneView APIs.
|
NVD-CWE-noinfo
|
CVE-2023-30909
|
2024-09-26 04:35 |
2023-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1907
|
4.9 |
MEDIUM
Network
|
contribsys
|
sidekiq
|
Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipu…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2023-26141
|
2024-09-26 04:35 |
2023-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1908
|
5.4 |
MEDIUM
Network
|
wpdeveloper
|
essential_addons_for_elementor
|
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widge…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8440
|
2024-09-26 04:34 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1909
|
8.1 |
HIGH
Network
|
wpdelicious
|
wp_delicious
|
The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in t…
|
NVD-CWE-Other
|
CVE-2024-7626
|
2024-09-26 04:32 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1910
|
8.8 |
HIGH
Network
|
fairsketch
|
rise_ultimate_project_manager
|
A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. This vulnerability affects unknown code of the file /index.php/dashboard/save. The manipul…
|
CWE-89
SQL Injection
|
CVE-2024-8945
|
2024-09-26 04:24 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|