141
|
6.1 |
MEDIUM
Network
|
michalaugustyniak
|
misiek_photo_album
|
The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-7818
|
2024-09-28 03:18 |
2024-09-12 |
|
142
|
5.4 |
MEDIUM
Network
|
alaingonzalez
|
accordion_image_menu
|
The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin a…
Update
|
CWE-352
Origin Validation Error
|
CVE-2024-8092
|
2024-09-28 03:17 |
2024-09-17 |
|
143
|
6.5 |
MEDIUM
Network
|
jakesnyder
|
enhanced_search_box
|
The Enhanced Search Box WordPress plugin through 0.6.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
Update
|
CWE-352
Origin Validation Error
|
CVE-2024-8091
|
2024-09-28 03:17 |
2024-09-17 |
|
144
|
4.3 |
MEDIUM
Network
|
github
|
enterprise_server
|
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was …
Update
|
CWE-863
Incorrect Authorization
|
CVE-2024-7711
|
2024-09-28 03:17 |
2024-08-21 |
|
145
|
6.5 |
MEDIUM
Network
|
lucasgarcia
|
posts_reminder
|
The Posts reminder WordPress plugin through 0.20 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
Update
|
CWE-352
Origin Validation Error
|
CVE-2024-8093
|
2024-09-28 03:16 |
2024-09-17 |
|
146
|
- |
|
-
|
-
|
A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a
New
|
-
|
CVE-2024-9301
|
2024-09-28 03:15 |
2024-09-28 |
|
147
|
- |
|
-
|
-
|
A command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: thi…
New
|
-
|
CVE-2024-46257
|
2024-09-28 03:15 |
2024-09-28 |
|
148
|
- |
|
-
|
-
|
A command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate.
New
|
-
|
CVE-2024-46256
|
2024-09-28 03:15 |
2024-09-28 |
|
149
|
- |
|
-
|
-
|
Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the e…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-39364
|
2024-09-28 03:15 |
2024-09-28 |
|
150
|
- |
|
-
|
-
|
Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an …
New
|
-
|
CVE-2024-39275
|
2024-09-28 03:15 |
2024-09-28 |
|