1011
|
8.8 |
HIGH
Network
|
ferrislucas
|
promptr
|
A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL.
|
CWE-94
Code Injection
|
CVE-2024-46489
|
2024-10-3 01:24 |
2024-09-26 |
|
1012
|
6.1 |
MEDIUM
Network
|
pierros
|
kodex_posts_likes
|
The Kodex Posts likes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8713
|
2024-10-3 01:22 |
2024-09-25 |
|
1013
|
9.8 |
CRITICAL
Network
artbees
|
jupiter_x_core
|
The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This ma…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-7781
|
2024-10-3 01:21 |
2024-09-26 |
|
|
1014
|
5.5 |
MEDIUM
Local
|
asg017
|
sqlite-vec
|
sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
|
CWE-787
Out-of-bounds Write
|
CVE-2024-46488
|
2024-10-3 01:21 |
2024-09-26 |
|
1015
|
9.8 |
CRITICAL
Network
jianbo
|
rest_api_to_miniprogram
|
The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing validati…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-8485
|
2024-10-3 01:19 |
2024-09-25 |
|
|
1016
|
- |
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
|
-
|
CVE-2024-5480
|
2024-10-3 01:15 |
2024-06-7 |
|
1017
|
- |
|
-
|
-
|
The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 19, and older unsupp…
|
-
|
CVE-2024-26265
|
2024-10-3 01:15 |
2024-02-20 |
|
1018
|
8.1 |
HIGH
Network
|
liferay
|
dxp liferay_portal
|
In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter…
|
NVD-CWE-noinfo
|
CVE-2024-25148
|
2024-10-3 01:15 |
2024-02-8 |
|
1019
|
6.5 |
MEDIUM
Network
|
liferay
|
dxp liferay_portal
|
The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported ve…
|
CWE-834
Excessive Iteration
|
CVE-2024-25144
|
2024-10-3 01:15 |
2024-02-8 |
|
1020
|
- |
|
-
|
-
|
The Document and Media widget in Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions,…
|
-
|
CVE-2024-25143
|
2024-10-3 01:15 |
2024-02-8 |
|