271
|
6.1 |
MEDIUM
Network
|
ninjaforms
|
ninja_forms
|
The Ninja Forms WordPress plugin before 3.8.11 does not escape a URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privileg…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-7354
|
2024-10-5 02:16 |
2024-09-2 |
|
|
272
|
- |
|
-
|
-
|
TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function.
New
|
-
|
CVE-2024-46486
|
2024-10-5 02:15 |
2024-10-5 |
|
|
273
|
- |
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar …
New
|
-
|
CVE-2024-46409
|
2024-10-5 02:15 |
2024-10-5 |
|
|
274
|
6.1 |
MEDIUM
Network
|
projectcaruso
|
flaming_forms
|
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-7691
|
2024-10-5 02:15 |
2024-09-2 |
|
|
275
|
7.5 |
HIGH
Network
oceanicsoft
|
valeapp
|
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, JSON Hijacking (aka JavaScript Hijacking). This issue affects ValeApp: …
Update
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-8644
|
2024-10-5 02:14 |
2024-09-27 |
|
|
|
276
|
9.8 |
CRITICAL
Network
oceanicsoft
|
valeapp
|
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking. This issue affects ValeApp: before v2.0.0.
Update
|
CWE-384
Session Fixation
|
CVE-2024-8643
|
2024-10-5 02:14 |
2024-09-27 |
|
|
|
277
|
6.1 |
MEDIUM
Network
|
projectcaruso
|
flaming_forms
|
The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used agains…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-7692
|
2024-10-5 02:14 |
2024-09-2 |
|
|
278
|
7.5 |
HIGH
Network
oceanicsoft
|
valeapp
|
Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information. This issue affects ValeApp: before v2.0.0.
Update
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2024-8609
|
2024-10-5 02:12 |
2024-09-27 |
|
|
|
279
|
9.8 |
CRITICAL
Network
oceanicsoft
|
valeapp
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL Injection. This issue affects ValeApp: before v2.0.0.
Update
|
CWE-89
SQL Injection
|
CVE-2024-8607
|
2024-10-5 02:12 |
2024-09-27 |
|
|
|
280
|
7.8 |
HIGH
Local
|
trendmicro
|
apex_one
|
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the …
Update
|
CWE-59
Link Following
|
CVE-2024-36305
|
2024-10-5 02:12 |
2024-06-11 |
|
|