| 241 | 6.1 | MEDIUM Network | - | - | The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and… | - | CVE-2024-9240 | 2024-10-18 21:53 | 2024-10-17 |
| 242 | 8.8 | HIGH Network | - | - | The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Ta… | CWE-639: Authorization Bypass Through User-Controlled Key | CVE-2024-9215 | 2024-10-18 21:53 | 2024-10-17 |
| 243 | - | | - | - | Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker w… | CWE-89: SQL Injection | CVE-2024-45767 | 2024-10-18 21:53 | 2024-10-17 |
| 244 | - | | - | - | Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability. A low privileged attacker with remote access could pot… | CWE-94: Code Injection | CVE-2024-45766 | 2024-10-18 21:53 | 2024-10-17 |
| 245 | - | | - | - | A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, o… | - | CVE-2024-7994 | 2024-10-18 21:53 | 2024-10-17 |
| 246 | - | | - | - | A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or exec… | - | CVE-2024-7993 | 2024-10-18 21:53 | 2024-10-17 |
| 247 | - | | - | - | RDS Light is a simplified version of the Reflective Dialogue System (RDS), a self-reflecting AI framework. Versions prior to 1.1.0 contain a vulnerability that involves a lack of input validation wit… | CWE-20, CWE-74: Improper Input Validation, Injection | CVE-2024-48918 | 2024-10-18 21:53 | 2024-10-17 |
| 248 | - | | - | - | dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code | - | CVE-2024-48758 | 2024-10-18 21:53 | 2024-10-17 |
| 249 | - | | - | - | ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in /class/cms/cms.php, which can include a file uploaded to the /class/template directory to execute PHP code. | - | CVE-2024-48180 | 2024-10-18 21:53 | 2024-10-17 |
| 250 | - | | - | - | Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the… | CWE-1333: Inefficient Regular Expression Complexity | CVE-2024-47889 | 2024-10-18 21:53 | 2024-10-17 |