|
961
|
5.4 |
MEDIUM
Network
|
checklist
|
trip_plan
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Checklist Trip Plan allows Stored XSS.This issue affects Trip Plan: from n/a through 1.0.1…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-50471
|
2024-10-31 10:37 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
962
|
5.4 |
MEDIUM
Network
|
themes4wp
|
youtube_external_subtitles
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themes4WP Themes4WP YouTube External Subtitles allows Stored XSS.This issue affects Themes…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-50470
|
2024-10-31 10:30 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
963
|
6.5 |
MEDIUM
Network
|
squirrly
|
premium_seo_pack
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP SEO – Calin Vingan Premium SEO Pack allows SQL Injection.This issue affects Premium SEO Pack: …
Update
|
CWE-89
SQL Injection
|
CVE-2024-50465
|
2024-10-31 10:27 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
964
|
8.8 |
HIGH
Network
|
projectworlds
|
online_time_table_generator
|
A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashbo…
Update
|
CWE-89
SQL Injection
|
CVE-2024-10447
|
2024-10-31 10:23 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
965
|
9.8 |
CRITICAL
Network
lubus
|
wp_query_console
|
Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console: from n/a through 1.0.
Update
|
CWE-94
Code Injection
|
CVE-2024-50498
|
2024-10-31 10:16 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
966
|
9.8 |
CRITICAL
Network
scottpaterson
|
scottcart
|
Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson ScottCart allows Code Injection.This issue affects ScottCart: from n/a through 1.1.
Update
|
CWE-94
Code Injection
|
CVE-2024-50492
|
2024-10-31 10:12 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
967
|
5.3 |
MEDIUM
Network
cisco
|
adaptive_security_appliance_software
|
A vulnerability in the SSH server of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for the SSH server o…
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-20526
|
2024-10-31 10:08 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
968
|
6.5 |
MEDIUM
Network
|
libsndfile_project
|
libsndfile
|
libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.
Update
|
CWE-617
Reachable Assertion
|
CVE-2024-50613
|
2024-10-31 09:58 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
969
|
7.5 |
HIGH
Network
sun.net
|
ehdr_ctms
|
The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain f…
Update
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-10438
|
2024-10-31 09:52 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
970
|
7.5 |
HIGH
Network
sun.net
|
ehdr_ctms
|
The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by …
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10439
|
2024-10-31 09:35 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
