|
901
|
4.2 |
MEDIUM
Adjacent
|
jktyre
|
smart_tyre_car_\&_bike
|
An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack via Bluetooth communications.
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2024-39081
|
2024-10-2 00:51 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
902
|
8.8 |
HIGH
Adjacent
|
circutor
|
q-smt_firmware
|
An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only im…
|
NVD-CWE-Other
|
CVE-2024-8890
|
2024-10-2 00:46 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
903
|
9.8 |
CRITICAL
Network
doverfuelingsolutions
|
progauge_maglink_lx_console_firmware
progauge_maglink_lx4_console_firmware
|
The web application for ProGauge MAGLINK LX4 CONSOLE contains an
administrative-level user account with a password that cannot be
changed.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-43423
|
2024-10-2 00:41 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
904
|
7.8 |
HIGH
Local
|
projectdiscovery
|
nuclei
|
Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow…
|
CWE-78
OS Command
|
CVE-2024-43405
|
2024-10-2 00:37 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
905
|
- |
|
-
|
-
|
The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a…
|
-
|
CVE-2024-8379
|
2024-10-2 00:35 |
2024-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
906
|
4.8 |
MEDIUM
Network
|
codepeople
|
contact_form_email
|
The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting at…
|
CWE-79
Cross-site Scripting
|
CVE-2023-5955
|
2024-10-2 00:35 |
2023-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
907
|
5.3 |
MEDIUM
Network
wpbrigade
|
simple_social_buttons
|
The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags
|
NVD-CWE-noinfo
|
CVE-2023-5845
|
2024-10-2 00:35 |
2023-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
908
|
4.3 |
MEDIUM
Network
|
limitloginattempts
|
limit_login_attempts_reloaded
|
The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update stat…
|
CWE-862
Missing Authorization
|
CVE-2023-5525
|
2024-10-2 00:35 |
2023-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
909
|
5.4 |
MEDIUM
Network
|
thimpress
|
wp_hotel_booking
|
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated user…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2023-5651
|
2024-10-2 00:35 |
2023-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
910
|
9.1 |
CRITICAL
Network
atlassian
|
jira_service_management
|
An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management inst…
|
CWE-287
Improper Authentication
|
CVE-2023-22501
|
2024-10-2 00:35 |
2023-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
