1481 | 9.8 CRITICAL | Network | trendylogics | crypto_currency_tracker | Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request. | NVD-CWE-Other | CVE-2023-37759 | 2024-09-27 03:35 | 2023-09-8
1482 | 5.4 MEDIUM | Network | muffingroup | betheme | The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 27.5.5 due to insufficient input sanitization and output escapi… | CWE-79 Cross-site Scripting | CVE-2024-5567 | 2024-09-27 03:27 | 2024-09-13
1483 | 7.5 HIGH | Network | hashicorp | nomad | HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerabi… | CWE-610 Externally Controlled Reference to a Resource in Another Sphere | CVE-2024-1329 | 2024-09-27 03:15 | 2024-02-9
1484 | 8.8 HIGH | Network | sirv | sirv | The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in al… | CWE-862 Missing Authorization | CVE-2024-8480 | 2024-09-27 03:13 | 2024-09-6
1485 | 8.8 HIGH | Network | bitapps | file_manager | The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uplo… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-7770 | 2024-09-27 02:49 | 2024-09-10
1486 | 6.1 MEDIUM | Network | rocket.chat | rocket.chat | Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message t… | CWE-79 Cross-site Scripting | CVE-2024-46934 | 2024-09-27 02:41 | 2024-09-25
1487 | 9.8 CRITICAL | Network | wpcom | wpcom_member | The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_… | NVD-CWE-noinfo | CVE-2024-7493 | 2024-09-27 02:41 | 2024-09-6
1488 | 7.5 HIGH | Network | rocket.chat | rocket.chat | Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). Attackers who craft messages with specific characters may crash the workspace due to an … | NVD-CWE-noinfo | CVE-2024-46935 | 2024-09-27 02:39 | 2024-09-25
1489 | 6.8 MEDIUM | Network | hashicorp | vault | HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with a… | CWE-20 Improper Input Validation | CVE-2023-4680 | 2024-09-27 02:15 | 2023-09-15
1490 | 5.4 MEDIUM | Network | rocket.chat | rocket.chat | Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the description and release notes of the marketplace and private apps. | CWE-79 Cross-site Scripting | CVE-2024-47048 | 2024-09-27 02:12 | 2024-09-25