2161
|
4.8 |
MEDIUM
Network
|
labschool
|
social_pixel
|
The Social Pixel WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks ev…
|
CWE-79
Cross-site Scripting
|
CVE-2024-4005
|
2024-11-1 23:42 |
2024-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2162
|
9.8 |
CRITICAL
Network
8theme
|
xstore
|
Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.
|
CWE-862
Missing Authorization
|
CVE-2024-33561
|
2024-11-1 23:42 |
2024-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2163
|
8.8 |
HIGH
Network
|
8theme
|
xstore
|
Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.
|
CWE-862
Missing Authorization
|
CVE-2024-33563
|
2024-11-1 23:41 |
2024-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2164
|
4.3 |
MEDIUM
Network
|
8theme
|
xstore
|
Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.
|
CWE-862
Missing Authorization
|
CVE-2024-33564
|
2024-11-1 23:37 |
2024-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2165
|
5.5 |
MEDIUM
Local
|
dell
|
e-lab_navigator
|
Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local attacker could potentially exploit this vulnerability, leading to unauthorized access to sensitive data. Su…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2023-44296
|
2024-11-1 23:37 |
2023-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2166
|
9.8 |
CRITICAL
Network
tenda
|
ac1206_firmware
|
A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. This vulnerability affects the function ate_iwpriv_set/ate_ifconfig_set of the file /goform/ate. The manipulation l…
|
CWE-78
OS Command
|
CVE-2024-9793
|
2024-11-1 23:36 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2167
|
5.3 |
MEDIUM
Network
|
latchset
|
jwcrypto
|
The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain clearte…
|
CWE-200
Information Exposure
|
CVE-2016-6298
|
2024-11-1 23:36 |
2016-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2168
|
- |
|
-
|
-
|
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). The password could be reset by anyone who have access to the ma…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2024-50356
|
2024-11-1 23:35 |
2024-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2169
|
5.4 |
MEDIUM
Network
|
automattic
|
newspack_popups
|
Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS.This issue affects Newspack Campaigns: from n/a through 2.31.1.
|
CWE-79
Cross-site Scripting
|
CVE-2024-37476
|
2024-11-1 23:35 |
2024-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2170
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
dm rq: don't queue request to blk-mq during DM suspend
DM uses blk-mq's quiesce/unquiesce to stop/start device mapper queue.
But…
|
-
|
CVE-2021-47498
|
2024-11-1 23:35 |
2024-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|