2251 | 4.8 | MEDIUM | Network | robosoft | robo_gallery | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RoboSoft Robo Gallery allows Stored XSS. This issue affects Robo Gallery: from n/a through … | CWE-79: Cross-site Scripting | CVE-2024-49696 | 2024-11-9 00:21 | 2024-10-24
2252 | 6.5 | MEDIUM | Network | 63moons | aero wave_2.0 | This vulnerability exists in the Wave 2.0 due to weak encryption of sensitive data received at the API response. An authenticated remote attacker could exploit this vulnerability by manipulating a pa… | CWE-327: Use of a Broken or Risky Cryptographic Algorithm | CVE-2024-51556 | 2024-11-9 00:20 | 2024-11-4
2253 | 5.4 | MEDIUM | Network | spiffyplugins | wp_flow_plus | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS. This issue affects WP Flow Plus: from n/a th… | CWE-79: Cross-site Scripting | CVE-2024-49695 | 2024-11-9 00:20 | 2024-10-24
2254 | 6.5 | MEDIUM | Network | 63moons | aero wave_2.0 | This vulnerability exists in the Wave 2.0 due to missing authorization check on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter “u… | CWE-639: Authorization Bypass Through User-Controlled Key | CVE-2024-51559 | 2024-11-9 00:19 | 2024-11-4
2255 | 9.8 | CRITICAL | Network | 63moons | aero wave_2.0 | This vulnerability exists in the Wave 2.0 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conduc… | CWE-307: Improper Restriction of Excessive Authentication Attempts | CVE-2024-51558 | 2024-11-9 00:19 | 2024-11-4
2256 | 6.5 | MEDIUM | Network | 63moons | aero wave_2.0 | This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP re… | CWE-770: Allocation of Resources Without Limits or Throttling | CVE-2024-51557 | 2024-11-9 00:19 | 2024-11-4
2257 | 5.4 | MEDIUM | Network | kraftplugins | mega_elements | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kraftplugins Mega Elements allows Stored XSS. This issue affects Mega Elements: from n/a th… | CWE-79: Cross-site Scripting | CVE-2024-49693 | 2024-11-9 00:19 | 2024-10-24
2258 | 7.5 | HIGH | Network | ruijie | nbr3000d-e_firmware | An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf component. | NVD-CWE-noinfo | CVE-2024-48783 | 2024-11-9 00:19 | 2024-10-16
2259 | 4.3 | MEDIUM | Network | 63moons | aero wave_2.0 | This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at certain API endpoint. An authenticated remote attacker could exploit this vulnerability by providing… | CWE-209: Information Exposure Through an Error Message | CVE-2024-51560 | 2024-11-9 00:18 | 2024-11-4
2260 | 6.1 | MEDIUM | Network | google_docs_rsvp_project | google_docs_rsvp | Cross-Site Request Forgery (CSRF) vulnerability in Gifford Cheung, Brian Watanabe, Chongsun Ahn Google Docs RSVP allows Stored XSS. This issue affects Google Docs RSVP: from n/a through 2.0.1. | CWE-352: Origin Validation Error | CVE-2024-49672 | 2024-11-9 00:16 | 2024-10-29