161 | 8.8 | HIGH / Network | dedebiz | dedebiz | A vulnerability classified as critical was found in DedeBIZ 6.3.0. This vulnerability affects the function get_mime_type of the file /admin/dialog/select_images_post.php of the component Attachment S… | Update | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-7906 | 2024-09-28 02:54 | 2024-08-18
162 | 9.1 | CRITICAL / Network | centurysys | futurenet_nxr-1300_firmware futurenet_nxr-g050_firmware futurenet_nxr-610x_firmware futurenet_vxr-x64 futurenet_vxr-x86 futurenet_nxr-g060_firmware futurenet_nxr-g100_firmware fu… | Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker t… | Update | CWE-1188 Insecure Default Initialization of Resource | CVE-2024-31070 | 2024-09-28 02:54 | 2024-07-17
163 | 8.8 | HIGH / Network | centurysys | futurenet_nxr-1300_firmware futurenet_nxr-g050_firmware futurenet_nxr-610x_firmware futurenet_vxr-x64 futurenet_vxr-x86 futurenet_nxr-g060_firmware futurenet_nxr-g100_firmware fu… | FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the prod… | Update | CWE-78 OS Command | CVE-2024-36475 | 2024-09-28 02:50 | 2024-07-17
164 | 6.5 | MEDIUM / Network | github | enterprise_server | An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content i… | Update | CWE-863 Incorrect Authorization | CVE-2024-6337 | 2024-09-28 02:48 | 2024-08-21
165 | 5.3 | MEDIUM / Network | starkdigital | wp_testimonial_widget | The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and i… | Update | CWE-862 Missing Authorization | CVE-2024-7390 | 2024-09-28 02:45 | 2024-08-21
166 | - | | - | - | The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes the structure and contents of directories, potentially revealing sensitive information. | New | - | CVE-2024-46471 | 2024-09-28 02:35 | 2024-09-28
167 | - | | - | - | Cross Site Scripting vulnerability in CodeAstro Membership Management System 1.0 allows attackers to run malicious JavaScript via the membership_type field in the edit-type.php component. | New | - | CVE-2024-46470 | 2024-09-28 02:35 | 2024-09-28
168 | - | | - | - | An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter unde… | New | - | CVE-2024-46333 | 2024-09-28 02:35 | 2024-09-28
169 | - | | - | - | ModStartCMS v8.8.0 was discovered to contain an open redirect vulnerability in the redirect parameter at /admin/login. This vulnerability allows attackers to redirect users to an arbitrary website vi… | New | - | CVE-2024-46331 | 2024-09-28 02:35 | 2024-09-28
170 | - | | - | - | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMFinDev.asmx function. | New | - | CVE-2024-40509 | 2024-09-28 02:35 | 2024-09-28