|
91
|
- |
|
-
|
-
|
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.
New
|
-
|
CVE-2024-55459
|
2025-01-10 00:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
92
|
- |
|
-
|
-
|
A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argumen…
New
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2025-0349
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
93
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to,…
New
|
CWE-862
Missing Authorization
|
CVE-2024-6155
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
94
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including…
New
|
CWE-862
Missing Authorization
|
CVE-2024-5769
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
95
|
8.8 |
HIGH
Network
|
-
|
-
|
The SKT Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the 'addLibraryByArchive' function in all versions up to, and including, 4.6. Th…
New
|
CWE-862
Missing Authorization
|
CVE-2024-12848
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
96
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Searchie plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sio_embed_media' shortcode in all versions up to, and including, 1.17.0 due to insufficient input sani…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12819
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
97
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Yumpu E-Paper publishing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'YUMPU' shortcode in all versions up to, and including, 3.0.8 due to insufficient input…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-12621
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
98
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Newsletter2Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resetStyles' AJAX action in all versions up to, and including, 4.0.…
New
|
CWE-862
Missing Authorization
|
CVE-2024-12618
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
99
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Bitly's WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and includin…
New
|
CWE-862
Missing Authorization
|
CVE-2024-12616
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
100
|
8.6 |
HIGH
Network
-
|
-
|
The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This …
New
|
CWE-862
Missing Authorization
|
CVE-2024-12542
|
2025-01-9 20:15 |
2025-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
