131 | 6.1 | MEDIUM Network | awplife | formula | The Formula theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in the 'quality_customizer_notify_dismiss_action' AJAX action in all versions up to, and includi… | Update | CWE-79 Cross-site Scripting | CVE-2024-5613 | 2024-11-1 03:31 | 2024-06-8
132 | 5.4 | MEDIUM Network | webfactoryltd | minimal_coming_soon_\&_maintenance_mode | The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_aj… | Update | CWE-862 Missing Authorization | CVE-2024-5087 | 2024-11-1 03:26 | 2024-06-8
133 | 7.8 | HIGH Local | linux redhat | linux_kernel enterprise_linux | In the Linux kernel, the following vulnerability has been resolved: parport: Proper fix for array out-of-bounds access. The recent fix for array out-of-bounds accesses replaced sprintf() calls blind… | Update | CWE-125 Out-of-bounds Read | CVE-2024-50074 | 2024-11-1 03:23 | 2024-10-29
134 | 4.3 | MEDIUM Network | webfactoryltd | wp_reset | The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. This makes… | Update | CWE-862 Missing Authorization | CVE-2024-4661 | 2024-11-1 03:21 | 2024-06-8
135 | - | | - | - | ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is… | New | CWE-89 SQL Injection | CVE-2024-51482 | 2024-11-1 03:15 | 2024-11-1
136 | - | | - | - | Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. Prior to 1.4.0, there is an issue where verification signatures for requests sent to Reverb's Pusher-comp… | New | CWE-347 Improper Verification of Cryptographic Signature | CVE-2024-50347 | 2024-11-1 03:15 | 2024-11-1
137 | 9.1 | CRITICAL Network | gaizhenbiao | chuanhuchatgpt | A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files w… | New | CWE-610 Externally Controlled Reference to a Resource in Another Sphere | CVE-2024-5823 | 2024-11-1 03:05 | 2024-10-29
138 | 6.1 | MEDIUM Network | soft-master | affiliate_platform | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ilias Gomatos Affiliate Platform allows Reflected XSS. This issue affects Affiliate Platfor… | New | CWE-79 Cross-site Scripting | CVE-2024-49645 | 2024-11-1 02:59 | 2024-10-29
139 | 6.1 | MEDIUM Network | wedevs | wp_erp | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs WP ERP allows Reflected XSS. This issue affects WP ERP: from n/a through 1.13.2. | New | CWE-79 Cross-site Scripting | CVE-2024-47640 | 2024-11-1 02:39 | 2024-10-29
140 | - | | - | - | Cross Site Scripting vulnerability in online diagnostic lab management system using php v.1.0 allows a remote attacker to execute arbitrary code via the Test Name parameter on the diagnostic/add-test… | New | - | CVE-2024-51430 | 2024-11-1 02:35 | 2024-11-1