511
|
- |
|
-
|
-
|
Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of shields using version < `server-2024-09-25` are v…
|
CWE-74
Injection
|
CVE-2024-47180
|
2024-09-27 05:15 |
2024-09-27 |
|
|
512
|
- |
|
-
|
-
|
RSSHub is an RSS network. Prior to commit 64e00e7, RSSHub's `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning, which could have led to a full repository takeover. Downstream users …
|
CWE-20
Improper Input Validation
|
CVE-2024-47179
|
2024-09-27 05:15 |
2024-09-27 |
|
|
513
|
3.8 |
LOW
Network
|
hashicorp
|
nomad
|
In HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10, ACL policies using a block without a label generate unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.
|
CWE-862
Missing Authorization
|
CVE-2023-3072
|
2024-09-27 05:15 |
2023-07-20 |
|
|
514
|
7.7 |
HIGH
Network
|
hashicorp
|
terraform_enterprise
|
Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potent…
|
CWE-863
Incorrect Authorization
|
CVE-2023-3114
|
2024-09-27 05:15 |
2023-06-23 |
|
|
515
|
5.4 |
MEDIUM
Network
|
allprices
|
beauty
|
The Beauty theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tpl_featured_cat_id’ parameter in all versions up to, and including, 1.1.4 due to insufficient input sanitization …
|
CWE-79
Cross-site Scripting
|
CVE-2024-5884
|
2024-09-27 05:13 |
2024-09-14 |
|
|
516
|
8.8 |
HIGH
Network
|
xwp
|
stream
|
The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1. This is due to missing or incorrect nonce validation on the network_options_ac…
|
CWE-352
Origin Validation Error
|
CVE-2024-7423
|
2024-09-27 05:08 |
2024-09-14 |
|
|
517
|
6.1 |
MEDIUM
Network
|
slicewp
|
affiliate_program_suite
|
The WordPress Affiliates Plugin — SliceWP Affiliates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8714
|
2024-09-27 05:06 |
2024-09-14 |
|
|
518
|
6.1 |
MEDIUM
Network
|
leira
|
roles_&_capabilities
|
The Roles & Capabilities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includ…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8732
|
2024-09-27 05:01 |
2024-09-14 |
|
|
519
|
6.1 |
MEDIUM
Network
|
cvstech
|
exit_notifier
|
The Exit Notifier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8730
|
2024-09-27 04:58 |
2024-09-14 |
|
|
520
|
6.1 |
MEDIUM
Network
|
leira
|
cron_jobs
|
The Cron Jobs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.9.…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8731
|
2024-09-27 04:43 |
2024-09-14 |
|
|