41 | 6.1 | MEDIUM Network | outtolunchproductions | simple_headline_rotator | The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin … | Update | CWE-79 Cross-site Scripting | CVE-2024-7860 | 2024-09-28 05:56 | 2024-09-12 |
42 | 6.1 | MEDIUM Network | michalaugustyniak | misiek_paypal | The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin a… | Update | CWE-79 Cross-site Scripting | CVE-2024-7861 | 2024-09-28 05:52 | 2024-09-12 |
43 | - | | - | - | TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit f… | New | - | CVE-2024-46097 | 2024-09-28 05:35 | 2024-09-28 |
44 | - | | - | - | A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php. | New | - | CVE-2024-25411 | 2024-09-28 05:35 | 2024-09-28 |
45 | - | | - | - | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMConference.asmx function. | New | - | CVE-2024-40508 | 2024-09-28 05:35 | 2024-09-27 |
46 | 8.0 | HIGH Adjacent | tp-link | archer_ax50_firmware archer_a10_firmware archer_ax10_firmware archer_ax11000_firmware | Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer A… | Update | CWE-78 OS Command | CVE-2023-40357 | 2024-09-28 05:35 | 2023-09-6 |
47 | 5.4 | MEDIUM Network | isarnet | isarflow | A stored cross-site scripting (XSS) vulnerability in IsarNet AG IsarFlow v5.23 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the dashboa… | Update | CWE-79 Cross-site Scripting | CVE-2023-34637 | 2024-09-28 05:35 | 2023-09-6 |
48 | - | | - | - | An input validation vulnerability exists in the Rockwell Automation Sequence Manager™ which could allow a malicious user to send malformed packets to the server and cause a denial-of-service conditio… | New | - | CVE-2024-6436 | 2024-09-28 05:15 | 2024-09-28 |
49 | - | | - | - | Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access. | Update | - | CVE-2024-24698 | 2024-09-28 05:15 | 2024-02-14 |
50 | 6.5 | MEDIUM Network | zoom | meeting_software_development_kit video_software_development_kit zoom | Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access. | Update | NVD-CWE-Other | CVE-2023-43585 | 2024-09-28 05:15 | 2023-12-14 |