501
|
4.3 |
MEDIUM
Network
|
elementor
|
website_builder
|
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt funct…
|
NVD-CWE-noinfo
|
CVE-2024-6757
|
2024-10-18 06:09 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
502
|
7.8 |
HIGH
Local
|
microsoft
|
windows_server_2008 windows_server_2012 windows_10_1507 windows_server_2016 windows_server_2022_23h2 windows_10_1809 windows_server_2022 windows_10_1607 windows_server_2019
|
Windows Common Log File System Driver Elevation of Privilege Vulnerability
|
NVD-CWE-noinfo
|
CVE-2024-43501
|
2024-10-18 06:06 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
503
|
5.3 |
MEDIUM
Network
hcltech
|
bigfix_platform
|
A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-30117
|
2024-10-18 06:01 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
504
|
5.5 |
MEDIUM
Local
|
microsoft
|
windows_server_2022_23h2 windows_11_22h2 windows_11_23h2 windows_11_24h2
|
Windows Resilient File System (ReFS) Information Disclosure Vulnerability
|
NVD-CWE-noinfo
|
CVE-2024-43500
|
2024-10-18 06:01 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
505
|
4.9 |
MEDIUM
Network
|
cert
|
vince
|
A potential denial-of-service (DoS) vulnerability exists in CERT VINCE software versions prior to 3.0.8. An authenticated administrative user can inject an arbitrary pickle object into a user’s profi…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-9953
|
2024-10-18 05:59 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
506
|
7.1 |
HIGH
Local
|
microsoft
|
windows_10_1809 windows_server_2019 windows_10_21h2 windows_10_22h2
|
Windows Kernel Elevation of Privilege Vulnerability
|
NVD-CWE-noinfo
|
CVE-2024-43502
|
2024-10-18 05:58 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
507
|
6.3 |
MEDIUM
Network
|
apache
|
cloudstack
|
The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due …
|
CWE-862
Missing Authorization
|
CVE-2024-45461
|
2024-10-18 05:50 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
508
|
5.4 |
MEDIUM
Network
|
zaytech
|
smart_online_order_for_clover
|
The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's moo_receipt_link shortcode in all versions up to, and including, 1.5.7 due to insu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9895
|
2024-10-18 05:50 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
509
|
6.1 |
MEDIUM
Network
|
woocommerce
|
woocommerce
|
The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted orde…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9944
|
2024-10-18 05:47 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
510
|
6.1 |
MEDIUM
Network
|
quantizor
|
markdown-to-jsx
|
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by in…
|
CWE-79
Cross-site Scripting
|
CVE-2024-21535
|
2024-10-18 05:36 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|