1941
|
6.5 |
MEDIUM
Network
|
funnelforms
|
funnelforms_free
|
The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.7.3.2 via the 'af2DeleteFontFile' function. This is due to the plugin not pr…
|
CWE-22
Path Traversal
|
CVE-2024-6312
|
2024-09-13 01:47 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1942
|
7.2 |
HIGH
Network
|
funnelforms
|
funnelforms_free
|
The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2_add_font' function in all versions up to, and including, 3.7.3.2. Thi…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-6311
|
2024-09-13 01:46 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1943
|
7.5 |
HIGH
Network
eclipse
|
vert.x
|
In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client).
This is fix…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-8391
|
2024-09-13 01:44 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1944
|
7.8 |
HIGH
Local
|
ni
|
labview
|
A memory corruption issue due to an improper length check in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user …
|
CWE-787
Out-of-bounds Write
|
CVE-2024-4081
|
2024-09-13 01:43 |
2024-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1945
|
6.1 |
MEDIUM
Network
|
formfacade
|
formfacade
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in FormFacade allows Reflected XSS.This issue affects FormFacade: from n/a through 1.3.2.
|
CWE-79
Cross-site Scripting
|
CVE-2024-43313
|
2024-09-13 01:40 |
2024-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1946
|
5.5 |
MEDIUM
Local
|
dpgaspar
|
flask_app_builder
|
Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue …
|
NVD-CWE-Other
|
CVE-2024-45314
|
2024-09-13 01:39 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1947
|
5.4 |
MEDIUM
Network
|
wpsocio
|
wp_telegram_widget_and_join_link
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Socio WP Telegram Widget and Join Link allows Stored XSS.This issue affects WP Telegram…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43309
|
2024-09-13 01:39 |
2024-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1948
|
- |
|
-
|
-
|
SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios component.
|
-
|
CVE-2024-42760
|
2024-09-13 01:35 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1949
|
8.2 |
HIGH
Network
linecorp
|
regina_sweets\&bakery
|
The leakage of the client secret in REGINA SWEETS&BAKERY Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.
|
NVD-CWE-noinfo
|
CVE-2023-39739
|
2024-09-13 01:35 |
2023-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1950
|
8.2 |
HIGH
Network
linecorp
|
matsuya
|
The leakage of the client secret in Matsuya Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.
|
NVD-CWE-noinfo
|
CVE-2023-39737
|
2024-09-13 01:35 |
2023-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|