1061
|
- |
|
-
|
-
|
Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. This vulnerability allows attackers to scan for open ports or access sensitive …
|
-
|
CVE-2024-37818
|
2024-10-5 04:15 |
2024-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1062
|
8.8 |
HIGH
Network
|
piwebsolution
|
product_enquiry_for_woocommerce
|
The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of untr…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-8922
|
2024-10-5 04:11 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1063
|
6.1 |
MEDIUM
Network
|
stellarwp
|
the_events_calendar
|
The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via RSVP name field in all versions up to, and including, 6.6.3 due to insufficient input sanitization and ou…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6931
|
2024-10-5 04:08 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1064
|
5.4 |
MEDIUM
Network
|
leap13
|
premium_addons_for_elementor
|
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Grid widget in all versions up to, and including, 4.10.52 due to insufficient…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8681
|
2024-10-5 04:04 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1065
|
5.4 |
MEDIUM
Network
|
codesupply
|
absolute_reviews
|
The Absolute Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Name' field of a custom post criteria in all versions up to, and including, 1.1.3 due to insufficient i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8965
|
2024-10-5 04:04 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1066
|
8.8 |
HIGH
Network
|
advantech
|
adam-5630_firmware
|
Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an attacker to partly circumvent the same
origin policy, which is designed to prevent different websites fro…
|
CWE-352
Origin Validation Error
|
CVE-2024-28948
|
2024-10-5 03:58 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1067
|
5.4 |
MEDIUM
Network
|
hyumika
|
openstreetmap
|
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's osm_map and osm_map_v3 shortcodes in all versions up to, and including, 6.1.0 due to insuffi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8991
|
2024-10-5 03:56 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1068
|
5.4 |
MEDIUM
Network
|
fastlinemedia
|
beaver_builder
|
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Group module in all versions up to, and including, 2.8.3.6 due to…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9049
|
2024-10-5 03:53 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1069
|
4.3 |
MEDIUM
Network
|
bg5sbk
|
minicms
|
A vulnerability was found in bg5sbk MiniCMS 1.11. It has been classified as problematic. Affected is an unknown function of the file page-edit.php. The manipulation leads to cross-site request forger…
|
CWE-352
Origin Validation Error
|
CVE-2024-9282
|
2024-10-5 03:33 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1070
|
7.5 |
HIGH
Network
amirraminfar
|
dozzle
|
Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches …
|
CWE-326
Inadequate Encryption Strength
|
CVE-2024-47182
|
2024-10-5 03:31 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|