1 | 8.8 | HIGH Network | bitapps | file_manager | The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uplo… | Update | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-7770 | 2024-09-27 02:49 | 2024-09-10
2 | 6.1 | MEDIUM Network | rocket.chat | rocket.chat | Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message t… | New | CWE-79 Cross-site Scripting | CVE-2024-46934 | 2024-09-27 02:41 | 2024-09-25
3 | 9.8 | CRITICAL Network | wpcom | wpcom_member | The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_… | Update | NVD-CWE-noinfo | CVE-2024-7493 | 2024-09-27 02:41 | 2024-09-6
4 | 7.5 | HIGH Network | rocket.chat | rocket.chat | Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). Attackers who craft messages with specific characters may crash the workspace due to an … | New | NVD-CWE-noinfo | CVE-2024-46935 | 2024-09-27 02:39 | 2024-09-25
5 | - | | - | - | A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext… | New | CWE-316 Cleartext Storage of Sensitive Information in Memory | CVE-2024-9203 | 2024-09-27 02:15 | 2024-09-27
6 | - | | - | - | The device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing… | New | CWE-78 OS Command | CVE-2024-9166 | 2024-09-27 02:15 | 2024-09-27
7 | - | | - | - | Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via crafted web requests. | New | - | CVE-2024-46627 | 2024-09-27 02:15 | 2024-09-27
8 | - | | - | - | A host header injection vulnerability in scheduleR v0.0.18 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitr… | New | - | CVE-2024-45982 | 2024-09-27 02:15 | 2024-09-27
9 | - | | - | - | A host header injection vulnerability in BookReviewLibrary 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. | New | - | CVE-2024-45981 | 2024-09-27 02:15 | 2024-09-27
10 | - | | - | - | A host header injection vulnerability in MEANStore 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitraril… | New | - | CVE-2024-45980 | 2024-09-27 02:15 | 2024-09-27