|
21
|
8.1 |
HIGH
Network
|
-
|
-
|
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being…
New
|
-
|
CVE-2024-9861
|
2024-10-17 11:15 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
22
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and…
New
|
-
|
CVE-2024-9240
|
2024-10-17 11:15 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
23
|
8.8 |
HIGH
Network
|
-
|
-
|
The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Ta…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-9215
|
2024-10-17 11:15 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
24
|
- |
|
-
|
-
|
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker w…
New
|
CWE-89
SQL Injection
|
CVE-2024-45767
|
2024-10-17 11:15 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
25
|
- |
|
-
|
-
|
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability. A low privileged attacker with remote access could pot…
New
|
CWE-94
Code Injection
|
CVE-2024-45766
|
2024-10-17 11:15 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
26
|
- |
|
-
|
-
|
Multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION are vulnerable to insufficient access restrictions for Device Setting pages. If this vulnerabili…
Update
|
-
|
CVE-2024-47044
|
2024-10-17 11:15 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
27
|
- |
|
-
|
-
|
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, …
Update
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2024-3727
|
2024-10-17 10:15 |
2024-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
28
|
7.4 |
HIGH
Network
|
microsoft
|
azure_sdk_for_java
|
Azure SDK for Java Security Feature Bypass Vulnerability
Update
|
NVD-CWE-noinfo
|
CVE-2020-16971
|
2024-10-17 10:15 |
2020-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
29
|
8.8 |
HIGH
Network
|
splunk
|
splunk
|
In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) due to an ins…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-45733
|
2024-10-17 07:26 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
30
|
4.3 |
MEDIUM
Network
|
splunk
|
splunk
splunk_cloud_platform
|
In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform versions below 3.4.259, 3.6.17, and 3.7.0, a low-privileged user that does not hold th…
New
|
NVD-CWE-noinfo
|
CVE-2024-45735
|
2024-10-17 07:20 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
