941 | 7.5 HIGH | Network | atlassian | crucible fisheye | Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the … | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2021-43957 | 2024-10-8 04:36 | 2022-03-16
942 | 7.2 HIGH | Network | atlassian | jira_server jira_data_center | This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center al… | CWE-94 Code Injection | CVE-2021-43944 | 2024-10-8 04:36 | 2022-03-8
943 | 6.5 MEDIUM | Adjacent | gotenna | gotenna | In the goTenna Pro ATAK Plugin there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing gotenna mesh network… | NVD-CWE-Other | CVE-2024-41722 | 2024-10-8 04:35 | 2024-09-27
944 | 6.5 MEDIUM | Adjacent | gotenna | gotenna | In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an att… | CWE-922 Insecure Storage of Sensitive Information | CVE-2024-45374 | 2024-10-8 04:27 | 2024-09-27
945 | 5.4 MEDIUM | Network | connekthq | ajax_load_more | The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_label’ parameter in all versions up to, and including, 7.1.2 due to in… | CWE-79 Cross-site Scripting | CVE-2024-8505 | 2024-10-8 04:26 | 2024-10-2
946 | 6.1 MEDIUM | Network | goldplugins | custom_banners | The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3… | CWE-79 Cross-site Scripting | CVE-2024-8799 | 2024-10-8 04:22 | 2024-10-1
947 | 6.1 MEDIUM | Network | cornelraiu | wp_search_analytics | The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includi… | CWE-79 Cross-site Scripting | CVE-2024-9209 | 2024-10-8 04:20 | 2024-10-1
948 | 8.8 HIGH | Network | plugingarden | wp_easy_gallery | The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘key’ parameter in all versions up to, and including, 4.8.5 due to insufficient e… | CWE-89 SQL Injection | CVE-2024-9018 | 2024-10-8 04:20 | 2024-10-1
949 | 6.5 MEDIUM | Network | kau-boys | hello_world | The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. This makes it possible for authenticated… | CWE-22 Path Traversal | CVE-2024-9224 | 2024-10-8 04:19 | 2024-10-1
950 | 6.1 MEDIUM | Network | petershaw | lh_copy_media_file | The LH Copy Media File plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includin… | CWE-79 Cross-site Scripting | CVE-2024-9220 | 2024-10-8 04:19 | 2024-10-1