| 621 | 4.3 | MEDIUM Network | - | - | The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capa… | CWE-862 Missing Authorization | CVE-2024-8771 | 2024-09-27 01:15 | 2024-09-27 |
| 622 | 4.4 | MEDIUM Network | - | - | A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext. | CWE-312 Cleartext Storage of Sensitive Information | CVE-2024-7259 | 2024-09-27 01:15 | 2024-09-27 |
| 623 | - | | - | - | Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function. | - | CVE-2024-46632 | 2024-09-27 01:15 | 2024-09-27 |
| 624 | - | | - | - | A Cross-Site Request Forgery (CSRF) vulnerability exists in kishan0725's Hospital Management System version 6.3.5. The vulnerability allows an attacker to craft a malicious HTML form that submits a r… | - | CVE-2024-45983 | 2024-09-27 01:15 | 2024-09-27 |
| 625 | 7.2 | HIGH Network | - | - | IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request. | CWE-502 Deserialization of Untrusted Data | CVE-2024-43191 | 2024-09-27 01:15 | 2024-09-27 |
| 626 | - | | - | - | aimeos/ai-controller-frontend is the Aimeos frontend controller package for e-commerce projects. Prior to versions 2024.4.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, an insecure direct object… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2024-39319 | 2024-09-27 01:15 | 2024-09-27 |
| 627 | - | | - | - | Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0. | - | CVE-2024-46957 | 2024-09-27 01:15 | 2024-09-25 |
| 628 | 8.8 | HIGH Network | buffercode | frontend_dashboard | The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajax_request() function in all versions up… | CWE-94 Code Injection | CVE-2024-8268 | 2024-09-27 01:15 | 2024-09-10 |
| 629 | - | | - | - | Veritas System Recovery before 23.3_Hotfix has incorrect permissions for the Veritas System Recovery folder, and thus low-privileged users can conduct attacks. | - | CVE-2024-35204 | 2024-09-27 01:15 | 2024-05-15 |
| 630 | 6.5 | MEDIUM Network | pinpoint | pinpoint_booking_system | The Pinpoint Booking System – #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘schedule’ parameter in all versions up to, and including, 2.9.9.5.0 due to insuf… | CWE-89 SQL Injection | CVE-2024-7112 | 2024-09-27 01:12 | 2024-09-7 |