821
|
5.4 |
MEDIUM
Network
|
lunary
|
lunary
|
In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended fo…
Update
|
CWE-862
Missing Authorization
|
CVE-2024-5127
|
2024-10-9 22:38 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
822
|
- |
|
bold-themes
|
bold_page_builder
|
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Link in all versions up to, and including, 4.8.0 due to insufficient input sanitization a…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-1160
|
2024-10-9 22:30 |
2024-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
823
|
7.2 |
HIGH
Network
|
sygnoos
|
popup_builder
|
The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite Wo…
Update
|
CWE-22 CWE-918
Path Traversal Server-Side Request Forgery (SSRF)
|
CVE-2023-6294
|
2024-10-9 22:24 |
2024-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
824
|
5.4 |
MEDIUM
Network
|
bold-themes
|
bold_page_builder
|
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.8.0 due to insufficient input sanitizatio…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-1159
|
2024-10-9 22:22 |
2024-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
825
|
6.1 |
MEDIUM
Network
|
deconf
|
analytics_insights
|
The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it p…
Update
|
CWE-601
Open Redirect
|
CVE-2024-0250
|
2024-10-9 22:19 |
2024-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
826
|
4.3 |
MEDIUM
Network
|
spider-themes
|
eazydocs
|
The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated users, such as sub…
Update
|
NVD-CWE-noinfo
|
CVE-2024-0248
|
2024-10-9 22:11 |
2024-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
827
|
8.8 |
HIGH
Network
|
dlink
|
dir-619l_firmware
|
A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formEasySetPassword of the file /goform/formEasySetPassword. The m…
Update
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-9569
|
2024-10-9 22:04 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
828
|
8.8 |
HIGH
Network
|
dlink
|
dir-619l_firmware
|
A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formAdvNetwork of the file /goform/formAdvNetwork. The manipulation of the argument c…
Update
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-9568
|
2024-10-9 22:04 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
829
|
9.8 |
CRITICAL
Network
lightningai
|
pytorch_lightning
|
Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.
Update
|
CWE-94
Code Injection
|
CVE-2022-0845
|
2024-10-9 20:56 |
2022-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
830
|
7.8 |
HIGH
Local
|
lightningai
|
pytorch_lightning
|
pytorch-lightning is vulnerable to Deserialization of Untrusted Data
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-4118
|
2024-10-9 20:56 |
2021-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|