|
2161
|
5.3 |
MEDIUM
Network
strategy11
|
formidable_form_builder
|
The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for u…
|
NVD-CWE-noinfo
|
CVE-2017-20194
|
2024-10-31 06:00 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2162
|
6.1 |
MEDIUM
Network
|
solarwinds
|
solarwinds_platform
|
The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements.
|
CWE-79
Cross-site Scripting
|
CVE-2024-45715
|
2024-10-31 05:59 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2163
|
5.4 |
MEDIUM
Network
|
gtranslate
|
google_language_translator
|
The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitizat…
|
CWE-79
Cross-site Scripting
|
CVE-2021-4452
|
2024-10-31 05:57 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2164
|
4.3 |
MEDIUM
Network
|
sinaextra
|
sina_extension_for_elementor
|
The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-moda…
|
CWE-200
Information Exposure
|
CVE-2024-9540
|
2024-10-31 05:56 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2165
|
6.1 |
MEDIUM
Network
|
woo
|
product_vendors
|
The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendor_description' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output e…
|
CWE-79
Cross-site Scripting
|
CVE-2017-20193
|
2024-10-31 05:46 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2166
|
4.3 |
MEDIUM
Network
|
agnai
|
agnai
|
Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload image files at attacker-chosen loca…
|
CWE-22
Path Traversal
|
CVE-2024-47171
|
2024-10-31 05:46 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2167
|
4.8 |
MEDIUM
Network
|
netgate
|
pfsense
|
A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_e…
|
CWE-79
Cross-site Scripting
|
CVE-2024-46538
|
2024-10-31 05:45 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2168
|
7.5 |
HIGH
Network
apple
|
xcode
|
This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data.
|
NVD-CWE-noinfo
|
CVE-2024-44228
|
2024-10-31 05:35 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2169
|
- |
|
-
|
-
|
Ironman PowerShell Universal 5.x before 5.0.12 allows an authenticated attacker to elevate their privileges and view job information.
|
-
|
CVE-2024-50616
|
2024-10-31 05:35 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2170
|
- |
|
-
|
-
|
TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/digit, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.
|
-
|
CVE-2024-50615
|
2024-10-31 05:35 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
