1451
|
9.8 |
CRITICAL
Network
purestorage
|
purity\/\/fa
|
A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2024-0001
|
2024-09-27 23:08 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1452
|
9.8 |
CRITICAL
Network
centurysys
|
futurenet_nxr-1300_firmware futurenet_nxr-g050_firmware futurenet_nxr-610x_firmware futurenet_vxr-x64 futurenet_vxr-x86 futurenet_nxr-g060_firmware futurenet_nxr-g100_firmware fu…
|
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow a remote unauthenticated attacker to execute an arbitrary OS command, obtain and/or alter sensitive informa…
|
CWE-78
OS Command
|
CVE-2024-36491
|
2024-09-27 23:05 |
2024-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1453
|
6.1 |
MEDIUM
Network
|
jenniferhall
|
filmix
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jennifer Hall Filmix allows Reflected XSS.This issue affects Filmix: from n/a through 1.1.
|
CWE-79
Cross-site Scripting
|
CVE-2024-44060
|
2024-09-27 23:04 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1454
|
6.1 |
MEDIUM
Network
|
averta
|
phlox
|
The Phlox PRO theme for WordPress is vulnerable to Reflected Cross-Site Scripting via search parameters in all versions up to, and including, 5.16.4 due to insufficient input sanitization and output …
|
CWE-79
Cross-site Scripting
|
CVE-2024-6339
|
2024-09-27 23:04 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1455
|
6.1 |
MEDIUM
Network
|
wpbookingsystem
|
wp_booking_system
|
The WP Booking System – Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the UR…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8797
|
2024-09-27 23:02 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1456
|
5.4 |
MEDIUM
Network
|
bricksbuilder
|
bricks
|
The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output es…
|
CWE-79
Cross-site Scripting
|
CVE-2023-3410
|
2024-09-27 22:58 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1457
|
8.8 |
HIGH
Network
|
idehweb
|
login_with_phone_number
|
The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check o…
|
NVD-CWE-noinfo
|
CVE-2024-6482
|
2024-09-27 22:54 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1458
|
5.5 |
MEDIUM
Network
|
ibericode
|
mailchimp
|
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitiza…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8680
|
2024-09-27 22:53 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1459
|
6.1 |
MEDIUM
Network
|
github
|
enterprise_server
|
A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social enginee…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8770
|
2024-09-27 22:49 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1460
|
6.1 |
MEDIUM
Network
|
boopathirajan
|
wp_test_email
|
The WP Test Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8664
|
2024-09-27 22:48 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|