1081
|
6.1 |
MEDIUM
Network
|
ibericode
|
mailchimp_top_bar
|
The MC4WP: Mailchimp Top Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and in…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9210
|
2024-10-9 00:34 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1082
|
8.8 |
HIGH
Network
|
cisco
|
nexus_dashboard_fabric_controller
|
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with low privileges to execute arbitrary code on an affected device.
This vulnerabil…
Update
|
CWE-22
Path Traversal
|
CVE-2024-20449
|
2024-10-9 00:33 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1083
|
6.1 |
MEDIUM
Network
|
themegrill
|
magazine_blocks
|
The Magazine Blocks – Blog Designer, Magazine & Newspaper Website Builder, Page Builder with Posts Blocks, Post Grid plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the us…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9218
|
2024-10-9 00:33 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1084
|
5.4 |
MEDIUM
Network
|
draytek
|
vigor3910_firmware vigor3912_firmware vigor2962_firmware vigor165_firmware vigor1000b_firmware vigor166_firmware vigor2135_firmware vigor2763_firmware vigor2765_firmware vi…
|
Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-41587
|
2024-10-9 00:32 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1085
|
7.5 |
HIGH
Network
draytek
|
vigor2620_firmware vigor2915_firmware vigor2866_firmware vigor2766_firmware vigor2865_firmware vigor2765_firmware vigor2763_firmware vigor2135_firmware vigor166_firmware vi…
|
An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG o…
Update
|
CWE-326
Inadequate Encryption Strength
|
CVE-2024-41594
|
2024-10-9 00:31 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1086
|
5.5 |
MEDIUM
Network
|
cisco
|
nexus_dashboard_fabric_controller
|
A vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC), formerly Cisco Data Center Network Manager (DCNM), could allow an authenticated, remote attacker with network-admin privileges to pe…
Update
|
CWE-88
Argument Injection
|
CVE-2024-20444
|
2024-10-9 00:26 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1087
|
8.6 |
HIGH
Network
cisco
|
nexus_dashboard_fabric_controller
|
A vulnerability in the Cisco Nexus Dashboard Fabric Controller (NDFC) software, formerly Cisco Data Center Network Manager (DCNM), could allow an attacker with access to a backup file to view sensiti…
Update
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-20448
|
2024-10-9 00:25 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1088
|
8.6 |
HIGH
Network
cisco
|
nexus_dashboard_orchestrator nexus_dashboard_insights nexus_dashboard_fabric_controller
|
A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller (NDFC) and Cisco Nexus Dashboard Orchestrator (NDO) could allow an attacker with access to a tech support file to view…
Update
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2024-20490
|
2024-10-9 00:15 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1089
|
6.1 |
MEDIUM
Network
|
berqier
|
berqwp
|
The BerqWP – Automated All-In-One PageSpeed Optimization Plugin for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via t…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9344
|
2024-10-9 00:06 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1090
|
7.5 |
HIGH
Network
veertu
|
anka_build_cloud
|
A directory traversal vulnerability exists in the log files download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can result in a disclosure of arbitrary files. An atta…
|
CWE-22
Path Traversal
|
CVE-2024-41922
|
2024-10-8 23:48 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|