|
1781
|
7.8 |
HIGH
Local
|
nvidia
|
nemo
|
NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to c…
|
CWE-22
Path Traversal
|
CVE-2024-0129
|
2024-11-9 00:33 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1782
|
6.1 |
MEDIUM
Network
|
castos
|
seriously_simple_podcasting
|
The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9667
|
2024-11-9 00:27 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1783
|
4.3 |
MEDIUM
Network
|
katieseaborn
|
zotpress
|
The Zotpress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Zotpress_process_accounts_AJAX function in all versions up to, and includ…
|
CWE-862
Missing Authorization
|
CVE-2024-7429
|
2024-11-9 00:26 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1784
|
9.8 |
CRITICAL
Network
contest-gallery
|
contest_gallery
|
The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection …
|
CWE-89
SQL Injection
|
CVE-2024-10687
|
2024-11-9 00:26 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1785
|
4.3 |
MEDIUM
Network
|
wpxpro
|
xpro_addons_for_elementor
|
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the render function in widgets…
|
NVD-CWE-noinfo
|
CVE-2024-10319
|
2024-11-9 00:25 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1786
|
4.8 |
MEDIUM
Network
|
10web
|
photo_gallery
|
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to ins…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9878
|
2024-11-9 00:25 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1787
|
8.8 |
HIGH
Network
|
fileorganizer
|
fileorganizer
|
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizer_ajax_handler" function in…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-7985
|
2024-11-9 00:22 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1788
|
4.8 |
MEDIUM
Network
|
robosoft
|
robo_gallery
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RoboSoft Robo Gallery allows Stored XSS.This issue affects Robo Gallery: from n/a through …
|
CWE-79
Cross-site Scripting
|
CVE-2024-49696
|
2024-11-9 00:21 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1789
|
6.5 |
MEDIUM
Network
|
63moons
|
aero
wave_2.0
|
This vulnerability exists in the Wave 2.0 due to weak encryption of sensitive data received at the API response. An authenticated remote attacker could exploit this vulnerability by manipulating a pa…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2024-51556
|
2024-11-9 00:20 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1790
|
5.4 |
MEDIUM
Network
|
spiffyplugins
|
wp_flow_plus
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-49695
|
2024-11-9 00:20 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
