| # | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 521 | - | - | - | - | - | The goTenna Pro series use AES CTR mode for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to any attacker that can access the message. | CWE-353 Missing Support for Integrity Check | CVE-2024-47123 | 2024-09-27 04:35 | 2024-09-27 |
| 522 | - | - | - | - | - | A Cross Site Scripting (XSS) vulnerability in add_donor.php of Blood Bank And Donation Management System 1.0 allows an attacker to inject malicious scripts that will be executed when the Donor List i… | - | CVE-2024-45984 | 2024-09-27 04:35 | 2024-09-27 |
| 523 | 9.8 | CRITICAL | Network | dedecms | dedecms | DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2023-40784 | 2024-09-27 04:35 | 2023-09-13 |
| 524 | 7.8 | HIGH | Local | raidenftpd | raidenftpd | Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary code via the Server name field of the Step by step setup wizard. | CWE-120 Classic Buffer Overflow | CVE-2023-39063 | 2024-09-27 04:35 | 2023-09-12 |
| 525 | 8.0 | HIGH | Adjacent | tp-link | archer_c3150_firmware | Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. | CWE-78 OS Command | CVE-2023-38588 | 2024-09-27 04:35 | 2023-09-6 |
| 526 | 6.1 | MEDIUM | Network | lucasstad | lucas_string_replace | The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includ… | CWE-79 Cross-site Scripting | CVE-2024-8734 | 2024-09-27 04:30 | 2024-09-14 |
| 527 | 5.4 | MEDIUM | Network | khromov | email_obfuscate_shortcode | The Email Obfuscate Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email-obfuscate' shortcode in all versions up to, and including, 2.0 due to insuffici… | CWE-79 Cross-site Scripting | CVE-2024-8747 | 2024-09-27 04:23 | 2024-09-14 |
| 528 | 6.1 | MEDIUM | Network | kubiq | pdf_thumbnail_generator | The PDF Thumbnail Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and inc… | CWE-79 Cross-site Scripting | CVE-2024-8737 | 2024-09-27 04:18 | 2024-09-14 |
| 529 | 4.3 | MEDIUM | Network | sentry | sentry | Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a known rule ID. The user does… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2024-45606 | 2024-09-27 04:16 | 2024-09-18 |
| 530 | - | - | - | - | - | In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules. | - | CVE-2024-8118 | 2024-09-27 04:15 | 2024-09-27 |