|
31
|
- |
|
-
|
-
|
Tenda AC6 v2.0 V15.03.06.50 was discovered to contain a buffer overflow in the function 'formSetPPTPServer'.
New
|
-
|
CVE-2024-51116
|
2024-11-6 07:15 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
32
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7_get_post_var shortcode. This makes…
New
|
CWE-200
Information Exposure
|
CVE-2024-10084
|
2024-11-6 07:15 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
33
|
- |
|
-
|
-
|
Missing Authorization vulnerability in ??????? ????? Persian WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Persian WooCommerce: from n/a through 7.1.6.
Update
|
CWE-862
Missing Authorization
|
CVE-2024-43219
|
2024-11-6 07:15 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
34
|
- |
|
-
|
-
|
The cap-std project is organized around the eponymous `cap-std` crate, and develops libraries to make it easy to write capability-based code. cap-std's filesystem sandbox implementation on Windows bl…
New
|
CWE-22
Path Traversal
|
CVE-2024-51756
|
2024-11-6 07:15 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
35
|
- |
|
-
|
-
|
Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so…
New
|
CWE-184
CWE-67
Incomplete Blacklist
|
CVE-2024-51745
|
2024-11-6 07:15 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
36
|
8.8 |
HIGH
Network
|
wpchill
|
strong_testimonials
|
Missing Authorization vulnerability in WPChill Strong Testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through 3.1…
Update
|
CWE-862
Missing Authorization
|
CVE-2024-47362
|
2024-11-6 06:44 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
37
|
8.8 |
HIGH
Network
|
wpchill
|
htaccess_file_editor
|
Incorrect Authorization vulnerability in WPChill Htaccess File Editor allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects Htaccess File Editor: from n/a through 1.0.1…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2024-49256
|
2024-11-6 06:38 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
38
|
9.8 |
CRITICAL
Network
lb-link
|
bl-wr1300h_firmware
|
LB-LINK BL-WR 1300H v.1.0.4 contains hardcoded credentials stored in /etc/shadow which are easily guessable.
Update
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-51431
|
2024-11-6 06:37 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
39
|
- |
|
-
|
-
|
A Host header injection vulnerability in Agile-Board 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link.
New
|
-
|
CVE-2024-51329
|
2024-11-6 06:35 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
40
|
- |
|
-
|
-
|
An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file.
New
|
-
|
CVE-2024-51136
|
2024-11-6 06:35 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
