11 | 9.8 | CRITICAL | Network | tenda | ch22_firmware | CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function. | Update | CWE-787 Out-of-bounds Write | CVE-2024-46044 | 2024-09-20 09:34 | 2024-09-13
12 | 7.8 | HIGH | Local | intelbras | incontrol | A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted s… | Update | CWE-428 Unquoted Search Path or Element | CVE-2024-6080 | 2024-09-20 09:27 | 2024-06-18
13 | 8.8 | HIGH | Network | yotuwp | video_gallery | The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This … | Update | NVD-CWE-Other | CVE-2024-4551 | 2024-09-20 09:24 | 2024-06-15
14 | 6.3 | MEDIUM | Network | ali2woo | aliexpress_dropshipping_with_alinext | The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in … | Update | CWE-862 Missing Authorization | CVE-2024-4450 | 2024-09-20 09:22 | 2024-06-19
15 | 9.8 | CRITICAL | Network | yotuwp | video_gallery | The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. Thi… | Update | NVD-CWE-Other | CVE-2024-4258 | 2024-09-20 09:21 | 2024-06-15
16 | 8.8 | HIGH | Network | ali2woo | aliexpress_dropshipping_with_alinext | The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, a… | Update | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-2381 | 2024-09-20 09:18 | 2024-06-19
17 | - | - | - | - | - | A vulnerability, which was classified as critical, has been found in code-projects Online Quiz Site 1.0. This issue affects some unknown processing of the file showtest.php. The manipulation of the a… | New | CWE-89 SQL Injection | CVE-2024-9009 | 2024-09-20 09:15 | 2024-09-20
18 | - | - | - | - | - | Zitadel is an open source identity management platform. In Zitadel, even after an organization is deactivated, associated projects, respectively their applications remain active. Users across other o… | New | CWE-200 Information Exposure | CVE-2024-47060 | 2024-09-20 09:15 | 2024-09-20
19 | - | - | - | - | - | Zitadel is an open source identity management platform. ZITADEL's user account deactivation mechanism did not work correctly with service accounts. Deactivated service accounts retained the ability t… | New | CWE-269 Improper Privilege Management | CVE-2024-47000 | 2024-09-20 09:15 | 2024-09-20
20 | - | - | - | - | - | Zitadel is an open source identity management platform. ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants were still provided in token, which could lead to … | New | CWE-269 Improper Privilege Management | CVE-2024-46999 | 2024-09-20 09:15 | 2024-09-20