691
|
- |
|
-
|
-
|
An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via ve…
|
-
|
CVE-2024-45230
|
2024-10-10 21:56 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
692
|
- |
|
-
|
-
|
A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. The vulnerability is present in the SetStationSettings function. The system directly invokes the system function to …
|
-
|
CVE-2024-45880
|
2024-10-10 21:56 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
693
|
- |
|
-
|
-
|
A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests.
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2024-45330
|
2024-10-10 21:56 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
694
|
- |
|
-
|
-
|
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below allows a remote authenticated attacker assigne…
|
CWE-200
Information Exposure
|
CVE-2024-33506
|
2024-10-10 21:56 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
695
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.3.982 due to insufficient in…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8482
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
696
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all …
|
CWE-862
Missing Authorization
|
CVE-2024-8431
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
697
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and includin…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9207
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
698
|
- |
|
-
|
-
|
CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be
remotely executed on the server when unsafely deserialized data is posted to the web server.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-9005
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
699
|
- |
|
-
|
-
|
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that
could cause exposure of credentials when attacker has access to application on network over
http
|
CWE-200
Information Exposure
|
CVE-2024-8884
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
700
|
- |
|
-
|
-
|
The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output esca…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8488
|
2024-10-10 21:56 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|