|
21
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Simple Popup Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [popup] shortcode in all versions up to, and including, 4.5 due to insufficient input saniti…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8547
|
2024-09-28 11:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
22
|
10.0 |
CRITICAL
Network
-
|
-
|
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input vi…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-8353
|
2024-09-28 11:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
23
|
- |
|
-
|
-
|
A vulnerability, which was classified as critical, has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Affected by this issue is some unknown functionality of the file sav…
New
|
CWE-89
SQL Injection
|
CVE-2024-9294
|
2024-09-28 07:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
24
|
- |
|
-
|
-
|
EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may le…
New
|
-
|
CVE-2024-38796
|
2024-09-28 07:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
25
|
- |
|
-
|
-
|
HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain circumstances, an unauthenticated attacker could obtain old session information.
New
|
-
|
CVE-2024-23586
|
2024-09-28 07:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
26
|
8.0 |
HIGH
Adjacent
|
tp-link
|
archer_c55_firmware
archer_c50_v3_firmware
|
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C5…
Update
|
CWE-78
OS Command
|
CVE-2023-31188
|
2024-09-28 06:35 |
2023-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
27
|
8.0 |
HIGH
Network
|
apache
|
airflow
|
The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the …
Update
|
CWE-384
Session Fixation
|
CVE-2023-40273
|
2024-09-28 06:35 |
2023-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
28
|
8.2 |
HIGH
Network
apache
|
ivy
|
Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy pr…
Update
|
CWE-91
CWE-611
Blind XPath Injection
XXE
|
CVE-2022-46751
|
2024-09-28 06:35 |
2023-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
29
|
6.1 |
MEDIUM
Network
|
mm-breaking_news_project
|
mm-breaking_news
|
The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8056
|
2024-09-28 06:29 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
30
|
6.1 |
MEDIUM
Network
|
mm-breaking_news_project
|
mm-breaking_news
|
The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add S…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8054
|
2024-09-28 06:29 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
