1141
|
6.3 |
MEDIUM
Local
|
fedirtsapana
|
simple_http_server_plus simple_http_server
|
Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K (AES) encryption key. An a…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2023-46919
|
2024-10-2 00:15 |
2023-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1142
|
8.8 |
HIGH
Local
|
rust-lang
|
rust
|
Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.8…
|
CWE-88
Argument Injection
|
CVE-2024-43402
|
2024-10-2 00:12 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1143
|
7.5 |
HIGH
Network
google
|
tensorflow
|
TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will a…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2023-33976
|
2024-10-1 23:41 |
2024-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1144
|
5.4 |
MEDIUM
Network
|
axton
|
wp-webauthn
|
The WP-WebAuthn plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wwa_login_form shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanit…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9023
|
2024-10-1 23:39 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1145
|
6.1 |
MEDIUM
Network
|
objectiv
|
simple_ldap_login
|
The Simple LDAP Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8715
|
2024-10-1 23:37 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1146
|
- |
|
-
|
-
|
The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting atta…
|
-
|
CVE-2024-8283
|
2024-10-1 23:35 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1147
|
- |
|
-
|
-
|
The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used, whi…
|
-
|
CVE-2024-8239
|
2024-10-1 23:35 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1148
|
5.3 |
MEDIUM
Network
perforce
|
akana_api
|
In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-5250
|
2024-10-1 23:33 |
2024-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1149
|
5.4 |
MEDIUM
Network
|
garrettgrimm
|
simple_popup_plugin
|
The Simple Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [popup] shortcode in all versions up to, and including, 4.5 due to insufficient input saniti…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8547
|
2024-10-1 23:32 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1150
|
9.8 |
CRITICAL
Network
givewp
|
givewp
|
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input vi…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-8353
|
2024-10-1 23:31 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|