| 31 | 4.8 | MEDIUM | Network | tagdiv | tagdiv_composer | The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin pr… | CWE-79 Cross-site Scripting | CVE-2023-3170 | 2024-09-27 01:35 | 2023-09-12 |
| 32 | 6.1 | MEDIUM | Network | tagdiv | tagdiv_composer | The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as esca… | - | CVE-2023-3169 | 2024-09-27 01:35 | 2023-09-12 |
| 33 | 6.1 | MEDIUM | Network | gappointments | gappointments | The gAppointments WordPress plugin before 1.10.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used agains… | - | CVE-2023-2705 | 2024-09-27 01:35 | 2023-09-12 |
| 34 | 9.8 | CRITICAL | Network | arris | tg852g_firmware, tg862g_firmware, tg1672g_firmware | An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. | NVD-CWE-noinfo | CVE-2023-40039 | 2024-09-27 01:35 | 2023-09-11 |
| 35 | 7.5 | HIGH | Network | hamza417 | inure | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92. | NVD-CWE-noinfo | CVE-2023-4876 | 2024-09-27 01:35 | 2023-09-10 |
| 36 | 5.3 | MEDIUM | Network | hcltech | domino | In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks. | NVD-CWE-noinfo | CVE-2023-28010 | 2024-09-27 01:35 | 2023-09-9 |
| 37 | 9.8 | CRITICAL | Network | code-projects | student_record_system | A vulnerability was found in code-projects Student Record System 1.0. It has been classified as critical. Affected is an unknown function of the file /pincode-verification.php. The manipulation of th… | CWE-89 SQL Injection | CVE-2024-9080 | 2024-09-27 01:32 | 2024-09-22 |
| 38 | 9.8 | CRITICAL | Network | code-projects | student_record_system | A vulnerability was found in code-projects Student Record System 1.0 and classified as critical. This issue affects some unknown processing of the file /marks.php. The manipulation of the argument co… | CWE-89 SQL Injection | CVE-2024-9079 | 2024-09-27 01:32 | 2024-09-22 |
| 39 | 9.8 | CRITICAL | Network | code-projects | student_record_system | A vulnerability has been found in code-projects Student Record System 1.0 and classified as critical. This vulnerability affects unknown code of the file /course.php. The manipulation of the argument… | CWE-89 SQL Injection | CVE-2024-9078 | 2024-09-27 01:31 | 2024-09-22 |
| 40 | 4.3 | MEDIUM | Network | infiniteuploads | big_file_uploads | The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1.2. This is due to the plugin not sanitizing … | CWE-22 Path Traversal | CVE-2024-8538 | 2024-09-27 01:28 | 2024-09-7 |