101
|
- |
|
-
|
-
|
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cle…
New
|
-
|
CVE-2024-9463
|
2024-10-10 02:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
102
|
- |
|
-
|
-
|
A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products.
New
|
-
|
CVE-2024-46307
|
2024-10-10 02:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
103
|
- |
|
-
|
-
|
An issue was discovered in Trusted Firmware-M through 2.1.0. User provided (and controlled) mailbox messages contain a pointer to a list of input arguments (in_vec) and output arguments (out_vec). Th…
New
|
-
|
CVE-2024-45746
|
2024-10-10 02:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
104
|
7.4 |
HIGH
Network
|
-
|
-
|
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector
New
|
CWE-200
Information Exposure
|
CVE-2024-43610
|
2024-10-10 02:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
105
|
- |
|
-
|
-
|
Lack of access control in ChallengeSolves (/api/v1/challenges/<challenge id>/solves) of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, rega…
New
|
-
|
CVE-2024-42988
|
2024-10-10 02:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
106
|
5.4 |
MEDIUM
Network
|
fooplugins
|
foogallery
|
The FooGallery WordPress plugin before 2.4.15, foogallery-premium WordPress plugin before 2.4.15 does not validate and escape some of its Gallery settings before outputting them back in the page, wh…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-2762
|
2024-10-10 02:12 |
2024-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
107
|
9.9 |
CRITICAL
Network
|
hitachienergy
|
unem foxman-un
|
A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious user
could use the passwords and login information to extend access on
…
Update
|
NVD-CWE-noinfo
|
CVE-2024-28020
|
2024-10-10 02:08 |
2024-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
108
|
8.8 |
HIGH
Network
|
mainwp
|
staging_extension
|
Missing Authorization vulnerability in MainWP MainWP Staging Extension.This issue affects MainWP Staging Extension: from n/a through 4.0.3.
Update
|
CWE-862
Missing Authorization
|
CVE-2023-23639
|
2024-10-10 02:05 |
2024-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
109
|
8.8 |
HIGH
Network
|
mrebabi
|
new_order_notification_for_woocommerce
|
Missing Authorization vulnerability in Mr.Ebabi New Order Notification for Woocommerce.This issue affects New Order Notification for Woocommerce: from n/a through 2.0.2.
Update
|
CWE-862
Missing Authorization
|
CVE-2024-31098
|
2024-10-10 02:02 |
2024-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
110
|
8.8 |
HIGH
Network
|
codeless
|
cowidgets_elementor_addons
|
The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'item_style' and 'style' parameters. This makes it poss…
Update
|
CWE-22
Path Traversal
|
CVE-2024-5179
|
2024-10-10 01:57 |
2024-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|