851 | 4.3 MEDIUM | Network | ultimatemember | ultimate_member | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up … | Update | CWE-352 Origin Validation Error | CVE-2024-8520 | 2024-10-9 06:50 | 2024-10-4
852 | 6.1 MEDIUM | Network | clio | clio_grow | The Clio Grow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.2.… | Update | CWE-79 Cross-site Scripting | CVE-2024-8802 | 2024-10-9 06:49 | 2024-10-4
853 | 8.8 HIGH | Network | cisco | ios_xr network_services_orchestrator small_business_rv_series_router_firmware | A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisc… | Update | NVD-CWE-noinfo | CVE-2024-20381 | 2024-10-9 06:43 | 2024-09-12
854 | 9.8 CRITICAL | Network | agpt | autogpt | AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command… | Update | CWE-78 OS Command | CVE-2024-1881 | 2024-10-9 06:38 | 2024-06-7
855 | 8.8 HIGH | Network | apache | nifi | The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver tha… | Update | CWE-94 Code Injection | CVE-2023-34468 | 2024-10-9 06:35 | 2023-06-13
856 | 8.2 HIGH | Network | ibm | doors_next | IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulner… | Update | CWE-611 XXE | CVE-2023-45192 | 2024-10-9 06:18 | 2024-06-7
857 | 5.3 MEDIUM | Network | cisco | meraki_mx65_firmware meraki_mx64_firmware meraki_z4c_firmware meraki_z4_firmware meraki_z3c_firmware meraki_z3_firmware meraki_vmx_firmware meraki_mx600_firmware meraki_mx450_… | A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for… | Update | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2024-20513 | 2024-10-9 06:16 | 2024-10-3
858 | 8.8 HIGH | Network | wpdeveloper | essential_blocks | Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg. This issue affects Essential Blocks for Gutenberg: from n/a through 4.4.9. | Update | CWE-862 Missing Authorization | CVE-2024-30467 | 2024-10-9 06:09 | 2024-06-9
859 | 8.8 HIGH | Network | onthegosystems | woocommerce_multilingual_\&_multicurrency | Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency. This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.4. | Update | CWE-862 Missing Authorization | CVE-2024-30466 | 2024-10-9 06:04 | 2024-06-9
860 | 7.5 HIGH | Network | cisco | ios_xe | A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) co… | Update | CWE-476 NULL Pointer Dereference | CVE-2024-20436 | 2024-10-9 06:00 | 2024-09-26