| 1051 | 9.8 | CRITICAL Network | doverfuelingsolutions | progauge_maglink_lx_console_firmware progauge_maglink_lx4_console_firmware | The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed. | CWE-798 Use of Hard-coded Credentials | CVE-2024-43423 | 2024-10-2 00:41 | 2024-09-25 |
| 1052 | 7.8 | HIGH Local | projectdiscovery | nuclei | Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow… | CWE-78 OS Command | CVE-2024-43405 | 2024-10-2 00:37 | 2024-09-5 |
| 1053 | - | | - | - | The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a… | - | CVE-2024-8379 | 2024-10-2 00:35 | 2024-09-30 |
| 1054 | 4.8 | MEDIUM Network | codepeople | contact_form_email | The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting at… | CWE-79 Cross-site Scripting | CVE-2023-5955 | 2024-10-2 00:35 | 2023-12-12 |
| 1055 | 5.3 | MEDIUM Network | wpbrigade | simple_social_buttons | The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags | NVD-CWE-noinfo | CVE-2023-5845 | 2024-10-2 00:35 | 2023-11-28 |
| 1056 | 4.3 | MEDIUM Network | limitloginattempts | limit_login_attempts_reloaded | The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update stat… | CWE-862 Missing Authorization | CVE-2023-5525 | 2024-10-2 00:35 | 2023-11-28 |
| 1057 | 5.4 | MEDIUM Network | thimpress | wp_hotel_booking | The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated user… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2023-5651 | 2024-10-2 00:35 | 2023-11-21 |
| 1058 | 9.1 | CRITICAL Network | atlassian | jira_service_management | An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management inst… | CWE-287 Improper Authentication | CVE-2023-22501 | 2024-10-2 00:35 | 2023-02-2 |
| 1059 | 7.8 | HIGH Local | microsoft git_for_windows_project | visual_studio_2022 visual_studio_2017 visual_studio_2019 git_for_windows | GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account. | CWE-427 Uncontrolled Search Path Element | CVE-2022-24767 | 2024-10-2 00:35 | 2022-04-13 |
| 1060 | 7.8 | HIGH Local | amazon | freertos | FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming t… | NVD-CWE-Other | CVE-2024-28115 | 2024-10-2 00:31 | 2024-03-8 |