1011
|
6.1 |
MEDIUM
Network
|
redhat
|
build_of_keycloak keycloak
|
An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. …
|
CWE-601
Open Redirect
|
CVE-2024-7260
|
2024-10-1 23:15 |
2024-09-10 |
|
|
1012
|
7.4 |
HIGH
Local
|
redhat fedoraproject
|
shim fedora
|
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value …
|
CWE-787 CWE-190
Out-of-bounds Write Integer Overflow or Wraparound
|
CVE-2023-40548
|
2024-10-1 23:15 |
2024-01-30 |
|
|
1013
|
8.8 |
HIGH
Network
|
advancedfilemanager
|
advanced_file_manager
|
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.8. This makes it possible for a…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-8126
|
2024-10-1 23:14 |
2024-09-26 |
|
|
1014
|
5.4 |
MEDIUM
Network
|
alefypimentel
|
gf_custom_style
|
The GF Custom Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.0 due to insufficient input sanitization and output …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9173
|
2024-10-1 23:12 |
2024-09-26 |
|
|
1015
|
5.4 |
MEDIUM
Network
|
codecabin
|
super_testimonials
|
The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alignment’ parameter in all versions up to, and including, 3.0.0 due to insufficient input sanitizati…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9127
|
2024-10-1 23:09 |
2024-09-26 |
|
|
1016
|
5.4 |
MEDIUM
Network
|
kingblack
|
king_ie
|
The king_IE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9125
|
2024-10-1 23:00 |
2024-09-26 |
|
|
1017
|
5.4 |
MEDIUM
Network
|
mapplic
|
mapplic
|
The Mapplic Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output esc…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9117
|
2024-10-1 22:56 |
2024-09-26 |
|
|
1018
|
5.4 |
MEDIUM
Network
|
chetanvaghela
|
common_tools_for_site
|
The Common Tools for Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9115
|
2024-10-1 22:47 |
2024-09-26 |
|
|
1019
|
6.1 |
MEDIUM
Network
|
nitinmaurya
|
wordpress_visitors
|
The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a spoofed HTTP Header value in versions up to, and including, 1.0 due to insufficient input sanitization a…
|
CWE-79
Cross-site Scripting
|
CVE-2022-4541
|
2024-10-1 22:46 |
2024-09-26 |
|
|
1020
|
5.3 |
MEDIUM
Network
|
codesupply
|
sight
|
The Sight – Professional Image Gallery and Portfolio plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handler_post_title' function in all ve…
|
CWE-862
Missing Authorization
|
CVE-2024-9025
|
2024-10-1 22:44 |
2024-09-26 |
|
|
|