|
841
|
4.3 |
MEDIUM
Network
|
futuriowp
|
futurio_extra
|
The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on wh…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10695
|
2024-11-15 04:44 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
842
|
6.1 |
MEDIUM
Network
|
wpplugin
|
contact_form_7_redirect_\&_thank_you_page
|
The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.0.6 due to insufficie…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-10685
|
2024-11-15 04:40 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
843
|
7.5 |
HIGH
Network
onedev_project
|
onedev
|
OneDev is a Git server with CI/CD, kanban, and packages. A vulnerability in versions prior to 11.0.9 allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This…
Update
|
CWE-22
Path Traversal
|
CVE-2024-45309
|
2024-11-15 04:39 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
844
|
8.1 |
HIGH
Network
|
ampache
|
ampache
|
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. …
Update
|
CWE-352
Origin Validation Error
|
CVE-2024-51487
|
2024-11-15 04:37 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
845
|
9.8 |
CRITICAL
Network
mikexstudios
|
xcomic
|
A vulnerability classified as critical has been found in mikexstudios Xcomic up to 0.8.2. This affects an unknown part. The manipulation of the argument cmd leads to os command injection. It is possi…
Update
|
CWE-78
OS Command
|
CVE-2005-10003
|
2024-11-15 04:35 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
846
|
- |
|
-
|
-
|
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access user-sensitive data.
Update
|
-
|
CVE-2023-42840
|
2024-11-15 04:35 |
2024-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
847
|
5.5 |
MEDIUM
Local
|
gpac
|
gpac
|
GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so.
Update
|
NVD-CWE-noinfo
|
CVE-2023-37767
|
2024-11-15 04:35 |
2023-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
848
|
5.3 |
MEDIUM
Network
jetbrains
|
ktor
|
In JetBrains Ktor before 3.0.0 improper caching in HttpCache Plugin could lead to response information disclosure
Update
|
NVD-CWE-Other
|
CVE-2024-49580
|
2024-11-15 04:25 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
849
|
6.1 |
MEDIUM
Network
|
jetbrains
|
youtrack
|
In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests
Update
|
NVD-CWE-Other
|
CVE-2024-49579
|
2024-11-15 04:24 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
850
|
9.8 |
CRITICAL
Network
ninjateam
|
multi_step_for_contact_form_7
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NinjaTeam Multi Step for Contact Form allows SQL Injection.This issue affects Multi Step for Cont…
Update
|
CWE-89
SQL Injection
|
CVE-2024-47331
|
2024-11-15 04:22 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
