1131 | - | - | - | The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a… | - | CVE-2024-8379 | 2024-10-2 00:35 | 2024-09-30
1132 | 4.8 MEDIUM Network | codepeople | contact_form_email | The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting at… | CWE-79 Cross-site Scripting | CVE-2023-5955 | 2024-10-2 00:35 | 2023-12-12
1133 | 5.3 MEDIUM Network | wpbrigade | simple_social_buttons | The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags | NVD-CWE-noinfo | CVE-2023-5845 | 2024-10-2 00:35 | 2023-11-28
1134 | 4.3 MEDIUM Network | limitloginattempts | limit_login_attempts_reloaded | The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update stat… | CWE-862 Missing Authorization | CVE-2023-5525 | 2024-10-2 00:35 | 2023-11-28
1135 | 5.4 MEDIUM Network | thimpress | wp_hotel_booking | The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated user… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2023-5651 | 2024-10-2 00:35 | 2023-11-21
1136 | 9.1 CRITICAL Network | atlassian | jira_service_management | An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management inst… | CWE-287 Improper Authentication | CVE-2023-22501 | 2024-10-2 00:35 | 2023-02-2
1137 | 7.8 HIGH Local | microsoft git_for_windows_project | visual_studio_2022 visual_studio_2017 visual_studio_2019 git_for_windows | GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account. | CWE-427 Uncontrolled Search Path Element | CVE-2022-24767 | 2024-10-2 00:35 | 2022-04-13
1138 | 7.8 HIGH Local | amazon | freertos | FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming t… | NVD-CWE-Other | CVE-2024-28115 | 2024-10-2 00:31 | 2024-03-8
1139 | 5.4 MEDIUM Network | jellyfin | jellyfin | Jellyfin is an open source self hosted media server. The Jellyfin user profile image upload accepts SVG files, allowing for a stored XSS attack against an admin user via a specially crafted malicious… | NVD-CWE-noinfo | CVE-2024-43801 | 2024-10-2 00:25 | 2024-09-3
1140 | 5.5 MEDIUM Local | vim | vim | Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line… | CWE-787 Out-of-bounds Write | CVE-2024-45306 | 2024-10-2 00:20 | 2024-09-3