381
|
4.8 |
MEDIUM
Network
|
technowich
|
wp_ulike
|
The WP ULike WordPress plugin before 4.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-7878
|
2024-10-3 02:41 |
2024-09-25 |
|
|
382
|
- |
|
-
|
-
|
OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload.
New
|
-
|
CVE-2024-46626
|
2024-10-3 02:35 |
2024-10-3 |
|
|
383
|
- |
|
-
|
-
|
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `iss` (Issuer) claim of an ID Token, allowing attackers to subvert the authentication flow, potentiall…
New
|
-
|
CVE-2024-47807
|
2024-10-3 02:35 |
2024-10-3 |
|
|
384
|
- |
|
-
|
-
|
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a_1de8 and earlier does not check the `aud` (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentia…
New
|
-
|
CVE-2024-47806
|
2024-10-3 02:35 |
2024-10-3 |
|
|
385
|
- |
|
-
|
-
|
According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the T…
New
|
-
|
CVE-2024-44097
|
2024-10-3 02:35 |
2024-10-2 |
|
|
386
|
6.4 |
MEDIUM
Local
|
amd
|
epyc_8024pn_firmware epyc_8024p_firmware epyc_8124pn_firmware epyc_8124p_firmware epyc_8224pn_firmware epyc_8224p_firmware epyc_8324pn_firmware epyc_8324p_firmware epyc_8434pn…
|
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrar…
New
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2023-20578
|
2024-10-3 02:35 |
2024-08-14 |
|
|
387
|
8.8 |
HIGH
Network
|
apache
|
airflow
|
Execution with Unnecessary Privileges, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables authentic…
Update
|
NVD-CWE-Other
|
CVE-2023-39508
|
2024-10-3 02:35 |
2023-08-5 |
|
|
388
|
4.3 |
MEDIUM
Network
|
wpplugin
|
easy_paypal_events
|
The Easy PayPal Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the wpeeve…
Update
|
CWE-352
Origin Validation Error
|
CVE-2024-8476
|
2024-10-3 02:31 |
2024-09-25 |
|
|
389
|
8.8 |
HIGH
Network
|
supsystic
|
slider social_share_buttons
|
Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic. This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons …
Update
|
CWE-862
Missing Authorization
|
CVE-2024-47330
|
2024-10-3 02:26 |
2024-09-26 |
|
|
390
|
7.5 |
HIGH
Network
|
apache
|
maven_archetype
|
Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 b…
Update
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2024-47197
|
2024-10-3 02:25 |
2024-09-26 |
|
|
|