111 | - | | - | - | The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping… | New | CWE-89 SQL Injection | CVE-2019-25218 | 2024-10-19 13:15 | 2024-10-19
112 | 4.3 | MEDIUM Network | discourse | discourse | Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of … | Update | NVD-CWE-noinfo | CVE-2024-43789 | 2024-10-19 10:13 | 2024-10-8
113 | 8.2 | HIGH Network | discourse | discourse | Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, catego… | Update | NVD-CWE-noinfo | CVE-2024-45051 | 2024-10-19 10:11 | 2024-10-8
114 | 4.3 | MEDIUM Network | discourse | discourse | Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta a… | Update | NVD-CWE-noinfo | CVE-2024-45297 | 2024-10-19 10:06 | 2024-10-8
115 | 6.1 | MEDIUM Network | discourse | discourse | Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by sending a maliciously crafted chat message and replying to it. This i… | Update | CWE-79 Cross-site Scripting | CVE-2024-47772 | 2024-10-19 09:58 | 2024-10-8
116 | 5.3 | MEDIUM Network | djangoproject | django | An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to… | Update | NVD-CWE-noinfo | CVE-2024-45231 | 2024-10-19 09:56 | 2024-10-9
117 | 7.5 | HIGH Network | djangoproject | django | An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via ve… | Update | NVD-CWE-noinfo | CVE-2024-45230 | 2024-10-19 09:53 | 2024-10-9
118 | 5.4 | MEDIUM Network | newtype | webeip | NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Script… | Update | CWE-79 Cross-site Scripting | CVE-2024-9969 | 2024-10-19 09:51 | 2024-10-15
119 | 4.9 | MEDIUM Network | usualtool | usualtoolcms | A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the a… | Update | CWE-502 Deserialization of Untrusted Data | CVE-2024-9917 | 2024-10-19 09:49 | 2024-10-14
120 | 7.2 | HIGH Network | usualtool | usualtoolcms | A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the a… | Update | CWE-89 SQL Injection | CVE-2024-9918 | 2024-10-19 09:47 | 2024-10-14