1121
|
5.3 |
MEDIUM
Network
peepso
|
peepso
|
The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.6.0. This is due…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-7426
|
2024-09-30 23:17 |
2024-09-25 |
1122
|
6.5 |
MEDIUM
Network
|
kimhuebel
|
blogintroduction-wordpress-plugin
|
The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them vi…
|
CWE-352
Origin Validation Error
|
CVE-2024-7862
|
2024-09-30 23:15 |
2024-09-12 |
1123
|
8.3 |
HIGH
Network
|
proges
|
sensor_net_connect_firmware_v2
|
A “CWE-352: Cross-Site Request Forgery (CSRF)” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a…
|
CWE-352
Origin Validation Error
|
CVE-2024-3083
|
2024-09-30 23:15 |
2024-07-31 |
1124
|
6.1 |
MEDIUM
Network
|
proges
|
sensor_net_connect_firmware_v2
|
A “CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')” allows malicious users to permanently inject arbitrary JavaScript code.
|
CWE-79
Cross-site Scripting
|
CVE-2024-31199
|
2024-09-30 23:15 |
2024-07-31 |
1125
|
6.5 |
MEDIUM
Network
|
ibm
|
storage_defender
|
IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an…
|
CWE-295
Improper Certificate Validation
|
CVE-2024-38324
|
2024-09-30 23:10 |
2024-09-25 |
1126
|
5.3 |
MEDIUM
Network
|
tinfoilsecurity
|
devise-two-factor
|
Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & < 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret…
|
CWE-331
Insufficient Entropy
|
CVE-2024-8796
|
2024-09-30 23:10 |
2024-09-18 |
1127
|
6.5 |
MEDIUM
Network
|
rubayathasan
|
infolinks_ad_wrap
|
The infolinks Ad Wrap WordPress plugin through 1.0.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
|
CWE-352
Origin Validation Error
|
CVE-2024-8044
|
2024-09-30 23:03 |
2024-09-17 |
1128
|
9.8 |
CRITICAL
Network
myoffice
|
my_office_sdk
|
New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-47222
|
2024-09-30 23:02 |
2024-09-24 |
1129
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove
The following warning is seen during bwmon_remove due to re…
|
NVD-CWE-Other
|
CVE-2024-43850
|
2024-09-30 22:57 |
2024-08-17 |
1130
|
5.9 |
MEDIUM
Network
|
planetfitness
|
planet_fitness_workouts
|
The Planet Fitness Workouts iOS and Android mobile apps prior to version 9.8.12 (released on 2024-07-25) fail to properly validate TLS certificates, allowing an attacker with appropriate network acce…
|
CWE-295
Improper Certificate Validation
|
CVE-2024-43201
|
2024-09-30 22:55 |
2024-09-24 |