2601
|
5.4 |
MEDIUM
Network
|
timelord
|
elo_rating_shortcode
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Marcel Pol Elo Rating Shortcode allows Stored XSS.This issue affects Elo Rating Shortcode:…
|
CWE-79
Cross-site Scripting
|
CVE-2024-51678
|
2024-11-7 07:10 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2602
|
5.4 |
MEDIUM
Network
|
webberzone
|
knowledge_base
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WebberZone Knowledge Base allows Stored XSS.This issue affects Knowledge Base: from n/a th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-51677
|
2024-11-7 07:10 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2603
|
8.8 |
HIGH
Network
|
mansurahamed
|
woocommerce_quote_calculator
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mansur Ahamed Woocommerce Quote Calculator allows Blind SQL Injection.This issue affects Woocomme…
|
CWE-89
SQL Injection
|
CVE-2024-51626
|
2024-11-7 07:10 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2604
|
7.2 |
HIGH
Network
|
wpdeveloper
|
betterlinks
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPDeveloper BetterLinks allows SQL Injection.This issue affects BetterLinks: from n/a through 2.1…
|
CWE-89
SQL Injection
|
CVE-2024-51672
|
2024-11-7 07:08 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2605
|
4.3 |
MEDIUM
Network
|
wpthemespace
|
magical_addons_for_elementor
|
Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor allows Server Side Request Forgery.This issue affects Magical Addons For Elementor: from n/a through 1.2.1.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-51665
|
2024-11-7 07:07 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2606
|
6.5 |
MEDIUM
Network
|
appsmith
|
appsmith
|
AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-51408
|
2024-11-7 07:06 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2607
|
4.9 |
MEDIUM
Network
|
topdata
|
inner_rep_plus
|
A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been classified as problematic. Affected is an unknown function of the file /InnerRepPlus.html of the component Operator Det…
|
CWE-549
Missing Password Field Masking
|
CVE-2024-10122
|
2024-11-7 07:05 |
2024-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2608
|
- |
|
-
|
-
|
In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression. Within this function, the line result = eval(s) poses a security risk as it can …
|
-
|
CVE-2024-48050
|
2024-11-7 06:35 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2609
|
- |
|
-
|
-
|
U-Boot environment is read from unauthenticated partition.
|
-
|
CVE-2024-22013
|
2024-11-7 06:35 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2610
|
- |
|
-
|
-
|
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-re…
|
-
|
CVE-2024-5642
|
2024-11-7 06:35 |
2024-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|