731
|
7.5 |
HIGH
Network
stormshield
|
stormshield_network_security
|
ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a crafted SIP packet.
Update
|
NVD-CWE-noinfo
|
CVE-2023-26095
|
2024-10-3 03:35 |
2023-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
732
|
7.5 |
HIGH
Network
arraynetworks
|
arrayos_ag
|
Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations.
Update
|
NVD-CWE-noinfo
|
CVE-2023-41121
|
2024-10-3 03:35 |
2023-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
733
|
7.5 |
HIGH
Network
mitel
|
mivoice_connect
|
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an unauthenticated attacker to conduct an account enumeration attack due to improper…
Update
|
NVD-CWE-noinfo
|
CVE-2023-39289
|
2024-10-3 03:35 |
2023-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
734
|
7.5 |
HIGH
Network
adguard-dns
|
adguard_dns
|
AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets.
Update
|
NVD-CWE-noinfo
|
CVE-2023-41173
|
2024-10-3 03:35 |
2023-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
735
|
7.5 |
HIGH
Network
wpexpertsio
|
change_wp_admin_login
|
The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered.
Update
|
-
|
CVE-2023-3604
|
2024-10-3 03:35 |
2023-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
736
|
9.8 |
CRITICAL
Network
apache
|
eventmesh
|
CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send contro…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2023-26512
|
2024-10-3 03:35 |
2023-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
737
|
6.1 |
MEDIUM
Network
|
ninjaforms
|
ninja_forms
|
The Ninja Forms Contact Form plugin for WordPress is vulnerable to Reflected Self-Based Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 3.8.15 due to insufficient …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-3866
|
2024-10-3 03:26 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
738
|
8.8 |
HIGH
Network
|
wclovers
|
frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible
|
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and incl…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-8290
|
2024-10-3 03:23 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
739
|
5.4 |
MEDIUM
Network
|
braginteractive
|
material_design_icons
|
The Material Design Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mdi-icon shortcode in all versions up to, and including, 0.0.5 due to insufficient input s…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9024
|
2024-10-3 03:02 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
740
|
7.3 |
HIGH
Network
blogcoding
|
special_text_boxes
|
The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. This is due to the plugin adding the filter add_filter('com…
Update
|
CWE-94
Code Injection
|
CVE-2024-8481
|
2024-10-3 02:59 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|