1871
|
8.8 |
HIGH
Network
|
themify
|
ultra
|
Missing Authorization vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5.
|
CWE-862
Missing Authorization
|
CVE-2023-46148
|
2024-09-16 22:39 |
2024-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1872
|
8.8 |
HIGH
Network
|
elastic
|
kibana
|
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use Elastic Secu…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-37288
|
2024-09-16 22:29 |
2024-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1873
|
6.1 |
MEDIUM
Network
|
uniong
|
webitr
|
WebITR from Uniong has an Open Redirect vulnerability, which allows unauthorized remote attackers to exploit this vulnerability to forge URLs. Users, believing they are accessing a trusted domain, ca…
|
CWE-601
Open Redirect
|
CVE-2024-8586
|
2024-09-16 22:28 |
2024-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1874
|
4.3 |
MEDIUM
Network
|
istyle
|
\@cosme
|
Improper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions prior 5.69.0 and "@cosme" App for iOS versions prior to 6.74.0 allows an attacker to lead a user to …
|
NVD-CWE-noinfo
|
CVE-2024-45203
|
2024-09-16 22:27 |
2024-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1875
|
6.3 |
MEDIUM
Network
|
crocoblock
|
jetelements
|
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
|
CWE-862
Missing Authorization
|
CVE-2023-48761
|
2024-09-16 22:27 |
2024-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1876
|
9.8 |
CRITICAL
Network
crocoblock
|
jetelements
|
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
|
CWE-862
Missing Authorization
|
CVE-2023-48760
|
2024-09-16 22:26 |
2024-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1877
|
7.5 |
HIGH
Network
crocoblock
|
jetelements
|
Missing Authorization vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.
|
CWE-862
Missing Authorization
|
CVE-2023-48759
|
2024-09-16 22:25 |
2024-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1878
|
9.8 |
CRITICAL
Network
project_team
|
tmall_demo
|
A vulnerability, which was classified as critical, was found in Mini-Tmall up to 20240901. Affected is the function rewardMapper.select of the file tmall/admin/order/1/1. The manipulation of the argu…
|
CWE-89
SQL Injection
|
CVE-2024-8568
|
2024-09-16 22:22 |
2024-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1879
|
9.8 |
CRITICAL
Network
phpvibe
|
phpvibe
|
A vulnerability, which was classified as critical, was found in PHPVibe 11.0.46. Affected is an unknown function of the file /app/uploading/upload-mp3.php of the component Media Upload Page. The mani…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-6083
|
2024-09-16 22:21 |
2024-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1880
|
4.8 |
MEDIUM
Network
|
anujk305
|
bus_pass_management_system
|
phpgurukul Bus Pass Management System 1.0 is vulnerable to Cross-site scripting (XSS) in /admin/pass-bwdates-reports-details.php via fromdate and todate parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2024-44798
|
2024-09-16 22:19 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|