|
361
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The WPGlobus Translate Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on th…
New
|
-
|
CVE-2024-9434
|
2024-10-31 16:15 |
2024-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362
|
5.3 |
MEDIUM
Network
-
|
-
|
The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the ct_tepfw_wp_loaded fun…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-9430
|
2024-10-31 16:15 |
2024-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
363
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.4.4 …
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9165
|
2024-10-31 16:15 |
2024-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364
|
5.3 |
MEDIUM
Network
-
|
-
|
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the sub…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-9700
|
2024-10-31 15:15 |
2024-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
365
|
9.8 |
CRITICAL
Network
-
|
-
|
The AI Power: Complete AI Pack plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_image_upload' function in all versions up to, and includ…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-10392
|
2024-10-31 15:15 |
2024-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
366
|
- |
|
-
|
-
|
Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this …
New
|
-
|
CVE-2024-21537
|
2024-10-31 14:15 |
2024-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
367
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of ser…
Update
|
CWE-22
Path Traversal
|
CVE-2024-9676
|
2024-10-31 14:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
368
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw a…
Update
|
CWE-59
Link Following
|
CVE-2024-9341
|
2024-10-31 14:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
369
|
- |
|
-
|
-
|
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, …
Update
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2024-3727
|
2024-10-31 14:15 |
2024-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
370
|
7.5 |
HIGH
Network
automaticsystems
|
soc_fl9600_firstlane_firmware
|
Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00 allows a remote attacker to obtain sensitive information via csvServer.php?file= with a .. in the dir parameter.
Update
|
CWE-22
Path Traversal
|
CVE-2023-37607
|
2024-10-31 13:15 |
2024-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
