381
|
8.8 |
HIGH
Network
|
radiustheme
|
classified_listing
|
Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classified Listing plugin <= 2.4.5 versions.
Update
|
CWE-352
Origin Validation Error
|
CVE-2023-37387
|
2024-09-27 21:41 |
2023-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
382
|
6.1 |
MEDIUM
Network
|
radiustheme
|
classified_listing
|
The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-2655
|
2024-09-27 21:41 |
2022-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
383
|
6.1 |
MEDIUM
Network
|
radiustheme
|
classima classima_core classified_listing_store_\&_membership classified_listing
|
The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.2…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-2654
|
2024-09-27 21:41 |
2022-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
384
|
- |
|
-
|
-
|
A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff and classified as critical. This vulnerability affects the function fileUpload of the file FileUpl…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-9280
|
2024-09-27 21:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
385
|
- |
|
-
|
-
|
A vulnerability, which was classified as problematic, was found in funnyzpc Mee-Admin up to 1.6. This affects an unknown part of the file /mee/index of the component User Center. The manipulation of …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9279
|
2024-09-27 21:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
386
|
- |
|
-
|
-
|
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking).This issue affects ValeApp: …
New
|
CWE-315
Cleartext Storage of Sensitive Information in a Cookie
|
CVE-2024-8644
|
2024-09-27 21:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
387
|
- |
|
-
|
-
|
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking.This issue affects ValeApp: before v2.0.0.
New
|
-
|
CVE-2024-8643
|
2024-09-27 21:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
388
|
- |
|
-
|
-
|
Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information.This issue affects ValeApp: before v2.0.0.
New
|
-
|
CVE-2024-8609
|
2024-09-27 21:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
389
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Oceanic Software ValeApp allows Stored XSS.This issue affects ValeApp: before v2.0.0.
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8608
|
2024-09-27 21:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
390
|
- |
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection.This issue affects ValeApp: before v2.0.0.
New
|
CWE-89
SQL Injection
|
CVE-2024-8607
|
2024-09-27 21:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|