841
|
5.3 |
MEDIUM
Network
coffee2code
|
remember_me_controls
|
The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin allowing direct access to the bootstrap.php …
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-7415
|
2024-10-1 02:46 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
842
|
8.2 |
HIGH
Network
|
scriptcase
|
scriptcase
|
Vulnerability in Scriptcase version 9.4.019 that consists of a Cross-Site Scripting (XSS), due to the lack of input validation, affecting the “id_form_msg_title” parameter, among others. This vulnera…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8942
|
2024-10-1 02:39 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
843
|
6.1 |
MEDIUM
Network
|
rollupjs
|
rollup
|
Rollup is a module bundler for JavaScript. Versions prior to 3.29.5 and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `impor…
|
CWE-79
Cross-site Scripting
|
CVE-2024-47068
|
2024-10-1 02:39 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
844
|
7.5 |
HIGH
Network
linuxptp_project
|
linuxptp
|
An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function
|
NVD-CWE-noinfo
|
CVE-2024-42861
|
2024-10-1 02:35 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
845
|
6.1 |
MEDIUM
Network
|
flowiseai
|
embed flowise
|
Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0.
|
CWE-79
Cross-site Scripting
|
CVE-2024-9148
|
2024-10-1 02:34 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
846
|
- |
|
-
|
-
|
A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI.
|
-
|
CVE-2024-9158
|
2024-10-1 02:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
847
|
- |
|
-
|
-
|
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. A user with the editmyprivateinfo right or who can otherwise change their name can XSS themselves by setting their "…
|
CWE-79 CWE-80
Cross-site Scripting Basic XSS
|
CVE-2024-47536
|
2024-10-1 02:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
848
|
- |
|
-
|
-
|
An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other users.
|
-
|
CVE-2024-46549
|
2024-10-1 02:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
849
|
- |
|
-
|
-
|
TP-Link Tapo P125M and Kasa KP125M v1.0.3 was discovered to improperly validate certificates, allowing attackers to eavesdrop on communications and access sensitive information via a man-in-the-middl…
|
-
|
CVE-2024-46548
|
2024-10-1 02:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
850
|
- |
|
-
|
-
|
A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract fucntions to upload webshells …
|
-
|
CVE-2024-46540
|
2024-10-1 02:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|