471 | 6.1 | MEDIUM Network | - | - | The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_value' parameter in all versions up to, and including, 1.2.83 due to insufficient input sa… | CWE-79 Cross-site Scripting | CVE-2024-9350 | 2024-10-18 14:15 | 2024-10-18
472 | 6.4 | MEDIUM Network | - | - | The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and out… | CWE-79 Cross-site Scripting | CVE-2024-8916 | 2024-10-18 14:15 | 2024-10-18
473 | 6.1 | MEDIUM Network | - | - | The Social Share With Floating Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, … | CWE-79 Cross-site Scripting | CVE-2024-8790 | 2024-10-18 14:15 | 2024-10-18
474 | 6.1 | MEDIUM Network | - | - | The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, … | CWE-79 Cross-site Scripting | CVE-2024-8740 | 2024-10-18 14:15 | 2024-10-18
475 | 9.8 | CRITICAL Network - | - | The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by sending crafted requests. | CWE-78 OS Command | CVE-2024-10119 | 2024-10-18 14:15 | 2024-10-18
476 | 6.1 | MEDIUM Network | - | - | The Edit WooCommerce Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sani… | CWE-79 Cross-site Scripting | CVE-2024-10049 | 2024-10-18 14:15 | 2024-10-18
477 | 5.3 | MEDIUM Network - | - | The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the process_a… | CWE-352 Origin Validation Error | CVE-2024-10040 | 2024-10-18 14:15 | 2024-10-18
478 | - | | - | - | The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on us… | CWE-79 Cross-site Scripting | CVE-2024-10014 | 2024-10-18 14:15 | 2024-10-18
479 | - | | - | - | The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, le… | - | CVE-2024-9264 | 2024-10-18 13:15 | 2024-10-18
480 | 9.8 | CRITICAL Network - | - | SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system c… | CWE-78 OS Command | CVE-2024-10118 | 2024-10-18 13:15 | 2024-10-18