121 | 4.3 | MEDIUM | Network | limitloginattempts | limit_login_attempts_reloaded | The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update stat… | Update | CWE-862 Missing Authorization | CVE-2023-5525 | 2024-10-2 00:35 | 2023-11-28
122 | 5.4 | MEDIUM | Network | thimpress | wp_hotel_booking | The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated user… | Update | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2023-5651 | 2024-10-2 00:35 | 2023-11-21
123 | 9.1 | CRITICAL | Network | atlassian | jira_service_management | An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management inst… | Update | CWE-287 Improper Authentication | CVE-2023-22501 | 2024-10-2 00:35 | 2023-02-2
124 | 7.8 | HIGH | Local | microsoft git_for_windows_project | visual_studio_2022 visual_studio_2017 visual_studio_2019 git_for_windows | GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account. | Update | CWE-427 Uncontrolled Search Path Element | CVE-2022-24767 | 2024-10-2 00:35 | 2022-04-13
125 | 7.8 | HIGH | Local | amazon | freertos | FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming t… | Update | NVD-CWE-Other | CVE-2024-28115 | 2024-10-2 00:31 | 2024-03-8
126 | 5.4 | MEDIUM | Network | jellyfin | jellyfin | Jellyfin is an open source self hosted media server. The Jellyfin user profile image upload accepts SVG files, allowing for a stored XSS attack against an admin user via a specially crafted malicious… | Update | NVD-CWE-noinfo | CVE-2024-43801 | 2024-10-2 00:25 | 2024-09-3
127 | 5.5 | MEDIUM | Local | vim | vim | Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line… | Update | CWE-787 Out-of-bounds Write | CVE-2024-45306 | 2024-10-2 00:20 | 2024-09-3
128 | - | | - | - | eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricte… | New | CWE-284 Improper Access Control | CVE-2024-45408 | 2024-10-2 00:15 | 2024-10-2
129 | - | | - | - | Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8. | New | CWE-79 Cross-site Scripting | CVE-2024-41673 | 2024-10-2 00:15 | 2024-10-2
130 | - | | - | - | Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) Server 19.10.3 allows attackers (with access to the database or exported configuration files) to obtain SNMP user… | New | - | CVE-2024-25658 | 2024-10-2 00:15 | 2024-10-2