381
|
5.6 |
MEDIUM
Network
|
hitachienergy
|
unem foxman-un
|
A vulnerability exists in the UNEM server / APIGateway that if exploited allows a malicious user to perform an arbitrary number of authentication attempts using different passwords, and eventually ga…
Update
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2024-28022
|
2024-10-30 00:15 |
2024-06-12 |
|
382
|
9.9 |
CRITICAL
Network
|
hitachienergy
|
unem foxman-un
|
A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the passwords and login information through…
Update
|
NVD-CWE-noinfo
|
CVE-2024-28020
|
2024-10-30 00:15 |
2024-06-12 |
|
383
|
7.4 |
HIGH
Network
|
hitachienergy
|
unem foxman_un foxman-un
|
A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of conf…
Update
|
CWE-295
Improper Certificate Validation
|
CVE-2024-28021
|
2024-10-30 00:15 |
2024-06-11 |
|
384
|
5.4 |
MEDIUM
Network
|
rextheme
|
wp_vr
|
Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP VR: from n/a through 8.5.4.
Update
|
CWE-862
Missing Authorization
|
CVE-2024-49293
|
2024-10-30 00:07 |
2024-10-21 |
|
385
|
6.1 |
MEDIUM
Network
|
edit_woocommerce_templates_project
|
edit_woocommerce_templates
|
The Edit WooCommerce Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.1.2 due to insufficient input sani…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-10049
|
2024-10-29 23:49 |
2024-10-18 |
|
386
|
8.2 |
HIGH
Adjacent
|
eufy
|
homebase_2_firmware
|
The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. The WPA2-PSK generation of this…
Update
|
CWE-331
Insufficient Entropy
|
CVE-2023-37822
|
2024-10-29 23:47 |
2024-10-4 |
|
387
|
6.1 |
MEDIUM
Network
|
fatcatapps
|
getresponse_forms
|
The GetResponse Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8740
|
2024-10-29 23:46 |
2024-10-18 |
|
388
|
6.1 |
MEDIUM
Network
|
themeinwp
|
social_share_with_floating_bar
|
The Social Share With Floating Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8790
|
2024-10-29 23:44 |
2024-10-18 |
|
389
|
5.4 |
MEDIUM
Network
|
sukiwp
|
suki_sites_import
|
The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and out…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8916
|
2024-10-29 23:37 |
2024-10-18 |
|
390
|
- |
|
-
|
-
|
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a …
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2024-7807
|
2024-10-29 23:35 |
2024-10-29 |
|