571
|
- |
|
-
|
-
|
Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP…
New
|
CWE-444 CWE-367
HTTP Request Smuggling Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2024-49768
|
2024-10-30 00:15 |
2024-10-30 |
|
|
572
|
4.1 |
MEDIUM
Local
|
hitachienergy
|
unem foxman-un
|
A vulnerability exists in the FOXMAN-UN/UNEM in which sensitive information is stored in cleartext within a resource that might be accessible to another control sphere.
Update
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-28024
|
2024-10-30 00:15 |
2024-06-12 |
|
|
573
|
7.4 |
HIGH
Network
|
hitachienergy
|
unem foxman_un foxman-un
|
A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism's certificate validation. If exploited, an attacker could spoof a trusted entity causing a loss of conf…
Update
|
CWE-295
Improper Certificate Validation
|
CVE-2024-28021
|
2024-10-30 00:15 |
2024-06-11 |
|
|
574
|
5.4 |
MEDIUM
Network
|
rextheme
|
wp_vr
|
Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP VR: from n/a through 8.5.4.
Update
|
CWE-862
Missing Authorization
|
CVE-2024-49293
|
2024-10-30 00:07 |
2024-10-21 |
|
|
575
|
6.1 |
MEDIUM
Network
|
edit_woocommerce_templates_project
|
edit_woocommerce_templates
|
The Edit WooCommerce Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sani…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-10049
|
2024-10-29 23:49 |
2024-10-18 |
|
|
576
|
8.2 |
HIGH
Adjacent
|
eufy
|
homebase_2_firmware
|
The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. The WPA2-PSK generation of this…
Update
|
CWE-331
Insufficient Entropy
|
CVE-2023-37822
|
2024-10-29 23:47 |
2024-10-4 |
|
|
577
|
6.1 |
MEDIUM
Network
|
fatcatapps
|
getresponse_forms
|
The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8740
|
2024-10-29 23:46 |
2024-10-18 |
|
|
578
|
6.1 |
MEDIUM
Network
|
themeinwp
|
social_share_with_floating_bar
|
The Social Share With Floating Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8790
|
2024-10-29 23:44 |
2024-10-18 |
|
|
579
|
5.4 |
MEDIUM
Network
|
sukiwp
|
suki_sites_import
|
The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and out…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8916
|
2024-10-29 23:37 |
2024-10-18 |
|
|
580
|
- |
|
-
|
-
|
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a …
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2024-7807
|
2024-10-29 23:35 |
2024-10-29 |
|
|