|
2551
|
4.8 |
MEDIUM
Network
|
10web
|
photo_gallery
|
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to ins…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9878
|
2024-11-9 00:25 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2552
|
8.8 |
HIGH
Network
|
fileorganizer
|
fileorganizer
|
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizer_ajax_handler" function in…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-7985
|
2024-11-9 00:22 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2553
|
4.8 |
MEDIUM
Network
|
robosoft
|
robo_gallery
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RoboSoft Robo Gallery allows Stored XSS.This issue affects Robo Gallery: from n/a through …
|
CWE-79
Cross-site Scripting
|
CVE-2024-49696
|
2024-11-9 00:21 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2554
|
6.5 |
MEDIUM
Network
|
63moons
|
aero
wave_2.0
|
This vulnerability exists in the Wave 2.0 due to weak encryption of sensitive data received at the API response. An authenticated remote attacker could exploit this vulnerability by manipulating a pa…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2024-51556
|
2024-11-9 00:20 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2555
|
5.4 |
MEDIUM
Network
|
spiffyplugins
|
wp_flow_plus
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-49695
|
2024-11-9 00:20 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2556
|
6.5 |
MEDIUM
Network
|
63moons
|
aero
wave_2.0
|
This vulnerability exists in the Wave 2.0 due to missing authorization check on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter “u…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-51559
|
2024-11-9 00:19 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2557
|
9.8 |
CRITICAL
Network
63moons
|
aero
wave_2.0
|
This vulnerability exists in the Wave 2.0 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conduc…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2024-51558
|
2024-11-9 00:19 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2558
|
6.5 |
MEDIUM
Network
|
63moons
|
aero
wave_2.0
|
This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP re…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-51557
|
2024-11-9 00:19 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2559
|
5.4 |
MEDIUM
Network
|
kraftplugins
|
mega_elements
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kraftplugins Mega Elements allows Stored XSS.This issue affects Mega Elements: from n/a th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-49693
|
2024-11-9 00:19 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2560
|
7.5 |
HIGH
Network
ruijie
|
nbr3000d-e_firmware
|
An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf component.
|
NVD-CWE-noinfo
|
CVE-2024-48783
|
2024-11-9 00:19 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
