|
2131
|
9.8 |
CRITICAL
Network
riskengine
|
radar
|
A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue affects some unknown processing of the component Interface Handler. The manipulation with the input /../…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10121
|
2024-10-31 06:21 |
2024-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2132
|
7.8 |
HIGH
Local
|
helakuru
|
helakuru
|
An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-48605
|
2024-10-31 06:19 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2133
|
4.9 |
MEDIUM
Network
|
i13websolution
|
photo_gallery_slideshow_\&_masonry_tiled_gallery
|
The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping…
|
CWE-89
SQL Injection
|
CVE-2019-25218
|
2024-10-31 06:18 |
2024-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2134
|
4.3 |
MEDIUM
Network
|
nofusscomputing
|
centurion_erp
|
No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of.…
|
NVD-CWE-noinfo
|
CVE-2024-49373
|
2024-10-31 06:16 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2135
|
6.5 |
MEDIUM
Network
|
shudong-share_project
|
shudong-share
|
A vulnerability classified as critical has been found in HFO4 shudong-share up to 2.4.7. This affects an unknown part of the file /includes/create_share.php of the component Share Handler. The manipu…
|
CWE-89
SQL Injection
|
CVE-2024-10129
|
2024-10-31 06:15 |
2024-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2136
|
9.8 |
CRITICAL
Network
najeebmedia
|
frontend_file_manager
post_front-end_form
|
The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2016-15042
|
2024-10-31 06:12 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2137
|
9.8 |
CRITICAL
Network
themehunk
|
wp_popup_builder
|
The The WP Popup Builder – Popup Forms and Marketing Lead Generation plugin for WordPress is vulnerable to arbitrary shortcode execution via the wp_ajax_nopriv_shortcode_Api_Add AJAX action in all ve…
|
CWE-94
Code Injection
|
CVE-2024-9061
|
2024-10-31 06:11 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2138
|
6.5 |
MEDIUM
Network
|
suse
|
rancher
|
A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-use…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2023-22649
|
2024-10-31 06:08 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2139
|
9.8 |
CRITICAL
Network
motopress
|
timetable_and_event_schedule
|
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX…
|
CWE-862
Missing Authorization
|
CVE-2020-36840
|
2024-10-31 06:06 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2140
|
8.8 |
HIGH
Network
|
wpvivid
|
migration\
_backup\
_staging
|
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJA…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-36842
|
2024-10-31 06:03 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
