991
|
5.4 |
MEDIUM
Network
|
technowich
|
wp_ulike
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TechnoWich WP ULike – Most Advanced WordPress Marketing Toolkit plugin <= 4.6.8 versions.
|
CWE-79
Cross-site Scripting
|
CVE-2023-45640
|
2024-10-3 02:44 |
2023-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
992
|
4.8 |
MEDIUM
Network
|
technowich
|
wp_ulike
|
The WP ULike WordPress plugin before 4.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7878
|
2024-10-3 02:41 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
993
|
6.4 |
MEDIUM
Local
|
amd
|
epyc_8024pn_firmware epyc_8024p_firmware epyc_8124pn_firmware epyc_8124p_firmware epyc_8224pn_firmware epyc_8224p_firmware epyc_8324pn_firmware epyc_8324p_firmware epyc_8434pn…
|
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow
an attacker with ring0 privileges and access to the
BIOS menu or UEFI shell to modify the communications buffer potentially
resulting in arbitrar…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2023-20578
|
2024-10-3 02:35 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
994
|
8.8 |
HIGH
Network
|
apache
|
airflow
|
Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authentic…
|
NVD-CWE-Other
|
CVE-2023-39508
|
2024-10-3 02:35 |
2023-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
995
|
4.3 |
MEDIUM
Network
|
wpplugin
|
easy_paypal_events
|
The Easy PayPal Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the wpeeve…
|
CWE-352
Origin Validation Error
|
CVE-2024-8476
|
2024-10-3 02:31 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
996
|
8.8 |
HIGH
Network
|
supsystic
|
slider social_share_buttons
|
Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons …
|
CWE-862
Missing Authorization
|
CVE-2024-47330
|
2024-10-3 02:26 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
997
|
7.5 |
HIGH
Network
apache
|
maven_archetype
|
Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin.
This issue affects Maven Archetype Plugin: from 3.2.1 b…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2024-47197
|
2024-10-3 02:25 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
998
|
4.3 |
MEDIUM
Network
|
themehunk
|
easy_mega_menu_plugin
|
The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up…
|
CWE-862
Missing Authorization
|
CVE-2024-8434
|
2024-10-3 02:25 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
999
|
7.8 |
HIGH
Local
|
avg
|
internet_security
|
Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-6510
|
2024-10-3 02:17 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1000
|
6.1 |
MEDIUM
Network
|
dotsquares
|
contact_form_7_math_captcha
|
The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could …
|
CWE-79
Cross-site Scripting
|
CVE-2024-6517
|
2024-10-3 02:15 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|