|
2191
|
8.8 |
HIGH
Network
|
tenda
|
rx9_pro_firmware
|
A vulnerability classified as critical has been found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected is the function sub_42EEE0 of the file /goform/SetStaticRouteCfg. The manipulation of …
|
CWE-787
Out-of-bounds Write
|
CVE-2024-10281
|
2024-11-1 22:52 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2192
|
8.8 |
HIGH
Network
|
tenda
|
rx9_pro_firmware
|
A vulnerability classified as critical was found in Tenda RX9 and RX9 Pro 22.03.02.10/22.03.02.20. Affected by this vulnerability is the function sub_42EA38 of the file /goform/SetVirtualServerCfg. T…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-10282
|
2024-11-1 22:47 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2193
|
4.8 |
MEDIUM
Network
|
likeshop
|
likeshop
|
A vulnerability was found in Likeshop up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin of the component Merchandise Handler. The manipulation l…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5766
|
2024-11-1 22:44 |
2024-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2194
|
8.8 |
HIGH
Network
|
wpdevart
|
gallery
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gal…
|
CWE-89
SQL Injection
|
CVE-2024-35750
|
2024-11-1 22:37 |
2024-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2195
|
6.5 |
MEDIUM
Network
gsheetconnector
|
cf7_google_sheets_connector
|
The CF7 Google Sheets Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'execute_post_data_cg7_free' function in all versions …
|
CWE-862
Missing Authorization
|
CVE-2024-5654
|
2024-11-1 22:31 |
2024-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2196
|
- |
|
-
|
-
|
Directory Traversal in /SASStudio/sasexec/sessions/{sessionID}/workspace/{InternalPath} in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file down…
|
-
|
CVE-2024-48735
|
2024-11-1 22:15 |
2024-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2197
|
- |
|
-
|
-
|
In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.
|
-
|
CVE-2024-48063
|
2024-11-1 22:15 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2198
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10367
|
2024-11-1 21:57 |
2024-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2199
|
6.1 |
MEDIUM
Network
|
-
|
-
|
IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavsScript code and perform Refl…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10652
|
2024-11-1 21:57 |
2024-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2200
|
4.9 |
MEDIUM
Network
|
-
|
-
|
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this v…
|
CWE-36
Absolute Path Traversal
|
CVE-2024-10651
|
2024-11-1 21:57 |
2024-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
