41
|
- |
|
-
|
-
|
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault …
New
|
-
|
CVE-2024-9180
|
2024-10-11 06:15 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
42
|
- |
|
-
|
-
|
An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerabili…
Update
|
-
|
CVE-2024-23612
|
2024-10-11 06:15 |
2024-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
43
|
- |
|
-
|
-
|
An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerabili…
Update
|
-
|
CVE-2024-23609
|
2024-10-11 06:15 |
2024-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
44
|
5.5 |
MEDIUM
Local
|
ni
|
topografix_data_plugin diadem veristand flexlogger
|
An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially cra…
Update
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2023-5136
|
2024-10-11 06:15 |
2023-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
45
|
6.5 |
MEDIUM
Network
|
shilpi
|
client_dashboard
|
This vulnerability exists in Shilpi Client Dashboard due to improper handling of multiple parameters in the API endpoint. An authenticated remote attacker could exploit this vulnerability by includin…
Update
|
NVD-CWE-Other
|
CVE-2024-47651
|
2024-10-11 06:01 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
46
|
5.4 |
MEDIUM
Network
|
prontotools
|
login_logout_shortcode
|
The Login Logout Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitizati…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9421
|
2024-10-11 05:59 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
47
|
5.4 |
MEDIUM
Network
|
acekyd
|
display_medium_posts
|
The Display Medium Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_medium_posts shortcode in all versions up to, and including, 5.0.1 due to insuffici…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9445
|
2024-10-11 05:58 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
48
|
5.4 |
MEDIUM
Network
|
davidartiss
|
code_embed
|
The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's script embed functionality in all versions up to, and including, 2.4 due to insufficient restrictions…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8804
|
2024-10-11 05:56 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
49
|
6.1 |
MEDIUM
Network
|
wpfactory
|
quantity_dynamic_pricing_\&_bulk_discounts_for_woocommerce
|
The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9384
|
2024-10-11 05:52 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
50
|
6.1 |
MEDIUM
Network
|
techbanker
|
captcha_bank
|
The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versio…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9375
|
2024-10-11 05:44 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|