1411
|
8.8 |
HIGH
Network
|
dedebiz
|
dedebiz
|
A vulnerability classified as critical was found in DedeBIZ 6.3.0. This vulnerability affects the function get_mime_type of the file /admin/dialog/select_images_post.php of the component Attachment S…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-7906
|
2024-09-28 02:54 |
2024-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1412
|
9.1 |
CRITICAL
Network
centurysys
|
futurenet_nxr-1300_firmware futurenet_nxr-g050_firmware futurenet_nxr-610x_firmware futurenet_vxr-x64 futurenet_vxr-x86 futurenet_nxr-g060_firmware futurenet_nxr-g100_firmware fu…
|
Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker t…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2024-31070
|
2024-09-28 02:54 |
2024-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1413
|
8.8 |
HIGH
Network
|
centurysys
|
futurenet_nxr-1300_firmware futurenet_nxr-g050_firmware futurenet_nxr-610x_firmware futurenet_vxr-x64 futurenet_vxr-x86 futurenet_nxr-g060_firmware futurenet_nxr-g100_firmware fu…
|
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the prod…
|
CWE-78
OS Command
|
CVE-2024-36475
|
2024-09-28 02:50 |
2024-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1414
|
6.5 |
MEDIUM
Network
|
github
|
enterprise_server
|
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content i…
|
CWE-863
Incorrect Authorization
|
CVE-2024-6337
|
2024-09-28 02:48 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1415
|
5.3 |
MEDIUM
Network
starkdigital
|
wp_testimonial_widget
|
The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and i…
|
CWE-862
Missing Authorization
|
CVE-2024-7390
|
2024-09-28 02:45 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1416
|
5.4 |
MEDIUM
Network
|
kirstyburgoine
|
responsive_video
|
The Responsive video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's video settings function in all versions up to, and including, 1.0 due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7629
|
2024-09-28 02:32 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1417
|
6.1 |
MEDIUM
Network
|
otasync
|
ota_sync_booking_engine_widget
|
The OTA Sync Booking Engine Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. This is due to missing or incorrect nonce validation o…
|
CWE-352
Origin Validation Error
|
CVE-2024-7647
|
2024-09-28 02:31 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1418
|
9.8 |
CRITICAL
Network
sjhoo
|
woo_inquiry
|
The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter 'dbid' and lack of sufficient…
|
CWE-89
SQL Injection
|
CVE-2024-7854
|
2024-09-28 02:27 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1419
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid…
|
-
|
CVE-2024-9273
|
2024-09-28 02:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1420
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid…
|
-
|
CVE-2024-9268
|
2024-09-28 02:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|