621
|
8.8 |
HIGH
Network
|
hitachienergy
|
microscada_x_sys600
|
The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names
that are used in filesystem operations. If exploited the vulnerability allows the at…
Update
|
CWE-88
Argument Injection
|
CVE-2024-3980
|
2024-10-29 23:15 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
622
|
8.8 |
HIGH
Network
|
wpchill
|
strong_testimonials
|
Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials.This issue affects Strong Testimonials: from n/a through 3.1.10.
Update
|
CWE-352
Origin Validation Error
|
CVE-2023-52123
|
2024-10-29 23:02 |
2024-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
623
|
6.1 |
MEDIUM
Network
|
wpchill
|
strong_testimonials
|
Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2020-8549
|
2024-10-29 23:02 |
2020-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
624
|
6.1 |
MEDIUM
Network
|
dpd
|
dpd_baltic_shipping
|
The DPD Baltic Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_value' parameter in all versions up to, and including, 1.2.83 due to insufficient input sa…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9350
|
2024-10-29 22:44 |
2024-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
625
|
8.3 |
HIGH
Network
wpplugin
|
time_clock
|
The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the '…
Update
|
CWE-94
Code Injection
|
CVE-2024-9593
|
2024-10-29 22:40 |
2024-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
626
|
9.8 |
CRITICAL
Network
learning_with_texts_project
|
learning_with_texts
|
Learning with Texts (LWT) 2.0.3 is vulnerable to SQL Injection. This occurs when the application fails to properly sanitize user inputs, allowing attackers to manipulate SQL queries by injecting mali…
Update
|
CWE-89
SQL Injection
|
CVE-2024-48509
|
2024-10-29 22:38 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
627
|
6.1 |
MEDIUM
Network
|
projectworlds
|
student_project_allocation_system
|
A vulnerability was found in Project Worlds Student Project Allocation System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin_login.php of the comp…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-0726
|
2024-10-29 22:15 |
2024-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
628
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'change_service' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitiz…
New
|
CWE-80
Basic XSS
|
CVE-2024-9438
|
2024-10-29 18:15 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
629
|
- |
|
-
|
-
|
Missing Authorization vulnerability in Szabolcs Szecsenyi PegaPoll allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PegaPoll: from n/a through 1.0.2.
New
|
CWE-862
Missing Authorization
|
CVE-2024-50490
|
2024-10-29 18:15 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
630
|
- |
|
-
|
-
|
: Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix allows Privilege Escalation.This issue affects Exam Matrix: from n/a through 1.5.
New
|
-
|
CVE-2024-50485
|
2024-10-29 18:15 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|