|
471
|
8.8 |
HIGH
Network
|
xwp
|
stream
|
The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1. This is due to missing or incorrect nonce validation on the network_options_ac…
Update
|
CWE-352
Origin Validation Error
|
CVE-2024-7423
|
2024-09-27 05:08 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
472
|
6.1 |
MEDIUM
Network
|
slicewp
|
affiliate_program_suite
|
The WordPress Affiliates Plugin — SliceWP Affiliates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8714
|
2024-09-27 05:06 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
473
|
6.1 |
MEDIUM
Network
|
leira
|
roles_\&_capabilities
|
The Roles & Capabilities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includ…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8732
|
2024-09-27 05:01 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
474
|
6.1 |
MEDIUM
Network
|
cvstech
|
exit_notifier
|
The Exit Notifier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8730
|
2024-09-27 04:58 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
475
|
6.1 |
MEDIUM
Network
|
leira
|
cron_jobs
|
The Cron Jobs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9.…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8731
|
2024-09-27 04:43 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
476
|
- |
|
-
|
-
|
The goTenna Pro series use AES CTR mode for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to any attacker that can access the message.
New
|
CWE-353
Missing Support for Integrity Check
|
CVE-2024-47123
|
2024-09-27 04:35 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
477
|
- |
|
-
|
-
|
A Cross Site Scripting (XSS) vulnerability in add_donor.php of Blood Bank And Donation Management System 1.0 allows an attacker to inject malicious scripts that will be executed when the Donor List i…
New
|
-
|
CVE-2024-45984
|
2024-09-27 04:35 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
478
|
9.8 |
CRITICAL
Network
dedecms
|
dedecms
|
DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php.
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2023-40784
|
2024-09-27 04:35 |
2023-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
479
|
7.8 |
HIGH
Local
|
raidenftpd
|
raidenftpd
|
Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary code via the Server name field of the Step by step setup wizard.
Update
|
CWE-120
Classic Buffer Overflow
|
CVE-2023-39063
|
2024-09-27 04:35 |
2023-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
480
|
8.0 |
HIGH
Adjacent
|
tp-link
|
archer_c3150_firmware
|
Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.
Update
|
CWE-78
OS Command
|
CVE-2023-38588
|
2024-09-27 04:35 |
2023-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
