1911 | 4.3 | MEDIUM | Network | contao | contao | Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13… | CWE-22 Path Traversal | CVE-2024-45604 | 2024-09-26 04:22 | 2024-09-18
1912 | 5.4 | MEDIUM | Network | wpbackgrounds | advanced_wordpress_backgrounds | The Advanced WordPress Backgrounds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘imageTag’ parameter in all versions up to, and including, 1.12.3 due to insufficient inpu… | CWE-79 Cross-site Scripting | CVE-2024-8045 | 2024-09-26 04:22 | 2024-09-11
1913 | 8.8 | HIGH | Network | contao | contao | Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.1… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-45398 | 2024-09-26 04:20 | 2024-09-18
1914 | 4.8 | MEDIUM | Network | eladmin | eladmin | eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController.java. | CWE-79 Cross-site Scripting | CVE-2024-44676 | 2024-09-26 04:20 | 2024-09-11
1915 | 9.8 | CRITICAL | Network | eladmin | eladmin | eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component. | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2024-44677 | 2024-09-26 04:19 | 2024-09-11
1916 | 8.8 | HIGH | Network | microsoft | dynamics_365_business_central | Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network. | NVD-CWE-noinfo | CVE-2024-43460 | 2024-09-26 04:18 | 2024-09-18
1917 | 4.6 | MEDIUM | Physical | hathway | skyworth_cm5100-511_firmware | Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV. | CWE-522 Insufficiently Protected Credentials | CVE-2024-44815 | 2024-09-26 04:17 | 2024-09-11
1918 | 8.8 | HIGH | Network | hfo4 | shudong-share | A vulnerability was found in HFO4 shudong-share 2.4.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /includes/fileReceive.php of the compon… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-8338 | 2024-09-26 04:12 | 2024-08-31
1919 | 5.3 | MEDIUM | Network | getastra | wp_hardening | The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular ex… | CWE-697 Incorrect Comparison | CVE-2024-6641 | 2024-09-26 04:07 | 2024-09-18
1920 | 6.1 | MEDIUM | Network | svelte | svelte | svelte performance oriented web framework. A potential mXSS vulnerability exists in Svelte for versions up to but not including 4.2.19. Svelte improperly escapes HTML on server-side rendering. The as… | CWE-79 Cross-site Scripting | CVE-2024-45047 | 2024-09-26 04:06 | 2024-08-31