1
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wppa-tab' parameter in all versions up to, and including, 8.8.05.003 due to insufficient input sa…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9951
|
2024-10-17 17:15 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2
|
- |
|
-
|
-
|
This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in Goahead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing …
New
|
CWE-415 CWE-416
Double Free Use After Free
|
CVE-2024-3187
|
2024-10-17 17:15 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
3
|
- |
|
-
|
-
|
CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server (version <= 6.0.0) when compiled with the ME_GOAHEAD_JAVASCRIPT flag. This vulnerability allows a remot…
New
|
-
|
CVE-2024-3186
|
2024-10-17 17:15 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
4
|
- |
|
-
|
-
|
Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for all…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-3184
|
2024-10-17 17:15 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
5
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The ?????? ????? ??????? Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9213
|
2024-10-17 16:15 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
6
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to m…
New
|
CWE-352
Origin Validation Error
|
CVE-2024-9352
|
2024-10-17 15:15 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
7
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to m…
New
|
CWE-352
Origin Validation Error
|
CVE-2024-9351
|
2024-10-17 15:15 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
8
|
- |
|
-
|
-
|
The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role an…
New
|
-
|
CVE-2024-5429
|
2024-10-17 15:15 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
9
|
7.8 |
HIGH
Local
|
paloaltonetworks
|
globalprotect
|
A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY…
Update
|
NVD-CWE-noinfo
|
CVE-2024-9473
|
2024-10-17 15:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
10
|
6.5 |
MEDIUM
Network
|
paloaltonetworks
|
expedition
|
A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using thos…
Update
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-9466
|
2024-10-17 15:15 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|