841
|
- |
|
-
|
-
|
A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. The vulnerability is present in the SetStationSettings function. The system directly invokes the system function to …
|
-
|
CVE-2024-45880
|
2024-10-10 21:56 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
842
|
- |
|
-
|
-
|
A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests.
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2024-45330
|
2024-10-10 21:56 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
843
|
- |
|
-
|
-
|
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below allows a remote authenticated attacker assigne…
|
CWE-200
Information Exposure
|
CVE-2024-33506
|
2024-10-10 21:56 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
844
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.3.982 due to insufficient in…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8482
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
845
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all …
|
CWE-862
Missing Authorization
|
CVE-2024-8431
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
846
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and includin…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9207
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
847
|
- |
|
-
|
-
|
CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be
remotely executed on the server when unsafely deserialized data is posted to the web server.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-9005
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
848
|
- |
|
-
|
-
|
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that
could cause exposure of credentials when attacker has access to application on network over
http
|
CWE-200
Information Exposure
|
CVE-2024-8884
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
849
|
- |
|
-
|
-
|
The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output esca…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8488
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
850
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in …
|
CWE-79
Cross-site Scripting
|
CVE-2024-8629
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|