|
661
|
9.8 |
CRITICAL
Network
mayurik
|
advocate_office_management_system
|
A vulnerability was found in SourceCodester Advocate Office Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /control/login.php. The manipulati…
|
CWE-89
SQL Injection
|
CVE-2024-9295
|
2024-10-1 20:36 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
662
|
9.8 |
CRITICAL
Network
mayurik
|
advocate_office_management_system
|
A vulnerability was found in SourceCodester Advocate Office Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /control/edit_client.php. The …
|
CWE-89
SQL Injection
|
CVE-2024-9328
|
2024-10-1 20:34 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
663
|
5.4 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 9.11.x <= 9.11.0, 9.10.x <= 9.10.1, 9.9.x <= 9.9.2 and 9.5.x <= 9.5.8 fail to properly authorize requests when viewing archived channels is disabled, which allows an attacker to r…
|
NVD-CWE-noinfo
|
CVE-2024-42406
|
2024-10-1 20:15 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
664
|
7.5 |
HIGH
Network
redhat
|
jboss_enterprise_application_platform
single_sign-on
jboss_fuse
process_automation
integration_camel_k
data_grid
build_of_apache_camel_for_spring_boot
build_of_apache_camel_-_haw…
|
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method proce…
|
NVD-CWE-noinfo
|
CVE-2024-7885
|
2024-10-1 20:15 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
665
|
4.8 |
MEDIUM
Network
|
capensis
|
canopsis
|
This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel.
|
CWE-79
Cross-site Scripting
|
CVE-2023-4564
|
2024-10-1 20:15 |
2023-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
666
|
4.8 |
MEDIUM
Network
|
capensis
|
canopsis
|
This vulnerability could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the administration panel.
|
CWE-79
Cross-site Scripting
|
CVE-2023-3196
|
2024-10-1 20:15 |
2023-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
667
|
- |
|
-
|
-
|
The QS Dark Mode Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.9 due to insufficient input sanitization and out…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9118
|
2024-10-1 19:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
668
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The AVIF & SVG Uploader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.1.0 due to insufficient input sanitization and output escaping. This makes …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9060
|
2024-10-1 19:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
669
|
- |
|
-
|
-
|
An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protec…
|
-
|
CVE-2023-3441
|
2024-10-1 19:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
670
|
9.8 |
CRITICAL
Network
-
|
-
|
The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwap_login_request_callbac…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-9289
|
2024-10-1 18:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
