51
|
5.4 |
MEDIUM
Network
|
wpblockshub
|
wp_blocks_hub
|
The WP Blocks Hub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9372
|
2024-10-11 05:36 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
52
|
5.4 |
MEDIUM
Network
|
miguelmello
|
aggregator_advanced_settings
|
The Aggregator Advanced Settings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitizat…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9368
|
2024-10-11 05:30 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
53
|
6.1 |
MEDIUM
Network
|
michaeluno
|
auto_amazon_links
|
The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9349
|
2024-10-11 05:25 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
54
|
8.8 |
HIGH
Network
|
wpzoom
|
social_icons_widget
|
Missing Authorization vulnerability in WPZOOM Social Icons Widget & Block by WPZOOM.This issue affects Social Icons Widget & Block by WPZOOM: from n/a through 4.2.15.
Update
|
CWE-862
Missing Authorization
|
CVE-2024-30464
|
2024-10-11 05:24 |
2024-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
55
|
9.8 |
CRITICAL
Network
stanford
|
stanford_parser
|
stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. This vulnerability is exploited via passing an…
Update
|
CWE-94
Code Injection
|
CVE-2023-39020
|
2024-10-11 05:22 |
2023-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
56
|
8.8 |
HIGH
Network
|
pagelayer
|
pagelayer
|
Missing Authorization vulnerability in Pagelayer Team PageLayer.This issue affects PageLayer: from n/a through 1.8.1.
Update
|
CWE-862
Missing Authorization
|
CVE-2024-30465
|
2024-10-11 05:20 |
2024-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
57
|
9.8 |
CRITICAL
Network
dlink
|
dir-860l_firmware
|
In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can caus…
Update
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-42812
|
2024-10-11 05:18 |
2024-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
58
|
- |
|
-
|
-
|
A vulnerability was found in SourceCodester Record Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file sort2_user.php. The manipu…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9810
|
2024-10-11 05:15 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
59
|
- |
|
-
|
-
|
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is the function delete_product of the file /classes/Master.php?f=…
New
|
CWE-89
SQL Injection
|
CVE-2024-9809
|
2024-10-11 05:15 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
60
|
- |
|
-
|
-
|
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=products/view_product. The manipulati…
New
|
CWE-89
SQL Injection
|
CVE-2024-9808
|
2024-10-11 05:15 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|