711 | 9.8 | CRITICAL Network | - | - | The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due to missing validation on the user being supplied in the 'crypto_connect_ajax… | New | CWE-288 Authentication Bypass Using an Alternate Path or Channel | CVE-2024-9988 | 2024-10-30 02:15 | 2024-10-30
712 | - | - | - | - | ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. Serv… | New | - | CVE-2024-8924 | 2024-10-30 02:15 | 2024-10-30
713 | - | - | - | - | Cross-Site Request Forgery (CSRF) vulnerability in DarkMySite DarkMySite – Advanced Dark Mode Plugin for WordPress darkmysite allows Cross Site Request Forgery. This issue affects DarkMySite – Advance… | New | CWE-352 Origin Validation Error | CVE-2024-50466 | 2024-10-30 02:15 | 2024-10-30
714 | - | - | - | - | Missing Authorization vulnerability in HM Plugin WordPress Stripe Donation and Payment Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Stri… | New | CWE-862 Missing Authorization | CVE-2024-50459 | 2024-10-30 02:15 | 2024-10-30
715 | - | - | - | - | A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper… | New | - | CVE-2024-10491 | 2024-10-30 02:15 | 2024-10-30
716 | - | - | - | - | ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context… | New | - | CVE-2024-8923 | 2024-10-30 02:15 | 2024-10-30
717 | 5.4 | MEDIUM Network | jetbrains | hub | In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services | New | CWE-862 Missing Authorization | CVE-2024-50573 | 2024-10-30 02:12 | 2024-10-28
718 | 4.8 | MEDIUM Network | villatheme | woocommerce_email_template_customizer | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce allows Stored XSS. This issue affects … | Update | CWE-79 Cross-site Scripting | CVE-2024-49288 | 2024-10-30 01:59 | 2024-10-18
719 | 5.4 | MEDIUM Network | tiandiyoyo | flat_ui_button | The Flat UI Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's flatbtn shortcode in version 1.0 due to insufficient input sanitization and output escaping on us… | Update | CWE-79 Cross-site Scripting | CVE-2024-10014 | 2024-10-30 01:58 | 2024-10-18
720 | - | - | - | - | QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality. | Update | - | CVE-2024-49214 | 2024-10-30 01:35 | 2024-10-14