1071 | 9.8 | CRITICAL Network | - | - | The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection … | New | CWE-89 SQL Injection | CVE-2024-10687 | 2024-11-6 01:04 | 2024-11-5
1072 | 6.1 | MEDIUM Network | - | - | The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and… | New | CWE-79 Cross-site Scripting | CVE-2024-9667 | 2024-11-6 01:04 | 2024-11-5
1073 | - |  | - | - | Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an `AccessControl.userfolder.UserFolder` which ma… | Update | CWE-284 Improper Access Control | CVE-2024-51734 | 2024-11-6 01:04 | 2024-11-5
1074 | - |  | - | - | Refit is an automatic type-safe REST library for .NET Core, Xamarin and .NET. The various header-related Refit attributes (Header, HeaderCollection and Authorize) are vulnerable to CRLF injection. The… | Update | CWE-93 CRLF Injection | CVE-2024-51501 | 2024-11-6 01:04 | 2024-11-5
1075 | - |  | - | - | Meshtastic firmware is a device firmware for the Meshtastic project. The Meshtastic firmware does not check for packets claiming to be from the special broadcast address (0xFFFFFFFF) which could resu… | Update | CWE-138 CWE-159 | CVE-2024-51500 | 2024-11-6 01:04 | 2024-11-5
1076 | - |  | - | - | gaizhenbiao/chuanhuchatgpt project, version <=20240802 is vulnerable to stored Cross-Site Scripting (XSS) in WebSocket session transmission. An attacker can inject malicious content into a WebSocket … | Update | - | CVE-2024-48059 | 2024-11-6 01:04 | 2024-11-5
1077 | - |  | - | - | golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to a situation where users are potentially not checking errors in the way… | Update | CWE-755 Improper Handling of Exceptional Conditions | CVE-2024-51744 | 2024-11-6 01:04 | 2024-11-5
1078 | - |  | - | - | A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php," allows attackers to initiate a request that posts a fake post onto the user's social wall without the… | Update | - | CVE-2024-30617 | 2024-11-6 01:04 | 2024-11-5
1079 | - |  | - | - | Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive profile information, posing a significant risk to data integrity. | Update | - | CVE-2024-30616 | 2024-11-6 01:04 | 2024-11-5
1080 | 6.1 | MEDIUM Network | cisco | firepower_management_center | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS… | Update | CWE-79 Cross-site Scripting | CVE-2024-20372 | 2024-11-6 01:04 | 2024-10-24