2431
|
4.3 |
MEDIUM
Network
|
themeum
|
wp_crowdfunding
|
Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.10.
|
CWE-862
Missing Authorization
|
CVE-2024-43937
|
2024-11-9 00:57 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2432
|
5.3 |
MEDIUM
Network
combodo
|
itop
|
Combodo iTop is a simple, web based IT Service Management tool. Unauthenticated user can perform users enumeration, which can make it easier to bruteforce a valid account. As a fix the sentence displ…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2024-51739
|
2024-11-9 00:56 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2433
|
4.1 |
MEDIUM
Network
|
nvidia
|
nvidia_container_toolkit nvidia_gpu_operator
|
NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name …
|
NVD-CWE-Other
|
CVE-2024-0134
|
2024-11-9 00:53 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2434
|
6.1 |
MEDIUM
Network
|
hashicorp
|
consul
|
A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and …
|
CWE-79
Cross-site Scripting
|
CVE-2024-10086
|
2024-11-9 00:49 |
2024-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2435
|
10.0 |
CRITICAL
Network
webandprint
|
ar
|
Unrestricted Upload of File with Dangerous Type vulnerability in Web and Print Design AR For WordPress allows Upload a Web Shell to a Web Server.This issue affects AR For WordPress: from n/a through …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-50496
|
2024-11-9 00:49 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2436
|
4.3 |
MEDIUM
Network
|
hcltech
|
connections
|
HCL Connections is vulnerable to an information disclosure vulnerability, due to an IBM WebSphere Application Server error, which could allow a user to obtain sensitive information they are not entit…
|
NVD-CWE-noinfo
|
CVE-2024-30106
|
2024-11-9 00:43 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2437
|
6.1 |
MEDIUM
Network
|
elabftw
|
elabftw
|
eLabFTW is an open source electronic lab notebook for research labs. A vulnerability in versions prior to 5.1.5 allows an attacker to inject arbitrary HTML tags in the pages: "experiments.php" (show …
|
CWE-79 CWE-94
Cross-site Scripting Code Injection
|
CVE-2024-47826
|
2024-11-9 00:41 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2438
|
7.5 |
HIGH
Network
vercel
|
next.js
|
Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a …
|
CWE-674
Uncontrolled Recursion
|
CVE-2024-47831
|
2024-11-9 00:39 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2439
|
6.1 |
MEDIUM
Network
|
forgerock
|
access_management
|
An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under…
|
CWE-601
Open Redirect
|
CVE-2024-25566
|
2024-11-9 00:38 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2440
|
- |
|
-
|
-
|
The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and escape some parameters when accepting event registrations, which could allow unauthenticated users to p…
|
-
|
CVE-2024-7982
|
2024-11-9 00:35 |
2024-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|