331
|
- |
|
-
|
-
|
This issue tracks two CWE-416 Use After Free (UAF) and one CWE-415 Double Free vulnerabilities in GoAhead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing …
New
|
CWE-415 CWE-416
Double Free Use After Free
|
CVE-2024-3187
|
2024-10-18 21:52 |
2024-10-17 |
|
|
332
|
- |
|
-
|
-
|
CWE-476 NULL Pointer Dereference vulnerability in the evalExpr() function of GoAhead Web Server (version <= 6.0.0) when compiled with the ME_GOAHEAD_JAVASCRIPT flag. This vulnerability allows a remot…
New
|
-
|
CVE-2024-3186
|
2024-10-18 21:52 |
2024-10-17 |
|
|
333
|
- |
|
-
|
-
|
Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for all…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-3184
|
2024-10-18 21:52 |
2024-10-17 |
|
|
334
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9213
|
2024-10-18 21:52 |
2024-10-17 |
|
|
335
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.35.1. This is due to m…
New
|
CWE-352
Origin Validation Error
|
CVE-2024-9352
|
2024-10-18 21:52 |
2024-10-17 |
|
|
336
|
7.5 |
HIGH
Network
libexpat_project
|
libexpat
|
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
Update
|
CWE-611
XXE
|
CVE-2024-45490
|
2024-10-18 21:24 |
2024-08-30 |
|
|
|
337
|
8.8 |
HIGH
Network
|
filemanagerpro
|
file_manager
|
The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possi…
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2023-6846
|
2024-10-18 21:19 |
2024-02-06 |
|
|
338
|
6.1 |
MEDIUM
Network
|
filemanagerpro
|
file_manager
|
There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2018-16967
|
2024-10-18 21:19 |
2019-04-16 |
|
|
339
|
8.8 |
HIGH
Network
|
filemanagerpro
|
file_manager
|
There is a CSRF vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter.
Update
|
CWE-352
Origin Validation Error
|
CVE-2018-16966
|
2024-10-18 21:19 |
2019-04-16 |
|
|
340
|
5.4 |
MEDIUM
Network
|
filemanagerpro
|
file_manager
|
The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php an…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2018-16363
|
2024-10-18 21:19 |
2018-09-08 |
|
|