281
|
3.7 |
LOW
Network
|
-
|
-
|
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerabilit…
New
|
CWE-1004
Sensitive Cookie Without 'HttpOnly' Flag
|
CVE-2022-43845
|
2024-09-26 22:32 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
282
|
8.0 |
HIGH
Network
|
-
|
-
|
IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a s…
New
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2021-38963
|
2024-09-26 22:32 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
283
|
- |
|
-
|
-
|
The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'upload[file]' parameter in versions up to, an…
New
|
-
|
CVE-2022-2439
|
2024-09-26 22:32 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
284
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8662
|
2024-09-26 22:32 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
285
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ggpkg shortcode in all versions up to, and including, 2.2.9 due to insufficient input sanit…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8657
|
2024-09-26 22:32 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
286
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Pixel Cat – Conversion Pixel Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions u…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-8544
|
2024-09-26 22:32 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
287
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Appointment & Event Booking Calendar Plugin – Webba Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_appearance() func…
New
|
CWE-862
Missing Authorization
|
CVE-2024-8432
|
2024-09-26 22:32 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
288
|
4.9 |
MEDIUM
Network
|
-
|
-
|
An improper restriction of operations within the bounds of a memory buffer in the USB file-sharing handler of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authentica…
New
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2024-38269
|
2024-09-26 22:32 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
289
|
4.9 |
MEDIUM
Network
|
-
|
-
|
An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated at…
New
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2024-38268
|
2024-09-26 22:32 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
290
|
4.9 |
MEDIUM
Network
|
-
|
-
|
An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated a…
New
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2024-38267
|
2024-09-26 22:32 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|