| 2351 | 9.8 | CRITICAL | Network | esafenet | cdg | A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function delPolicyAction of the file /com/esafenet/servlet/system/PolicyActionService.java. The manipulation … | CWE-89 SQL Injection | CVE-2024-10597 | 2024-11-7 01:28 | 2024-11-1 |
| 2352 | 5.3 | MEDIUM | Network | choplugins | order_notification_for_telegram | The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfw_send_test_message' function in versions u… | CWE-862 Missing Authorization | CVE-2024-9686 | 2024-11-7 01:19 | 2024-10-25 |
| 2353 | 3.6 | LOW | Local | chidiwilliams | buzz | A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to ins… | CWE-377 Insecure Temporary File | CVE-2024-10372 | 2024-11-7 01:14 | 2024-10-25 |
| 2354 | 5.4 | MEDIUM | Network | sohelwpexpert | awesome_buttons | The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization … | CWE-79 Cross-site Scripting | CVE-2024-10148 | 2024-11-7 01:02 | 2024-10-25 |
| 2355 | 8.1 | HIGH | Network | buddypress | buddypress | The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Su… | CWE-22 Path Traversal | CVE-2024-10011 | 2024-11-7 01:01 | 2024-10-25 |
| 2356 | 7.5 | HIGH | Network | 63moons | aero wave_2.0 | This vulnerability exists in Aero due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by interceptin… | NVD-CWE-Other | CVE-2024-51561 | 2024-11-7 00:59 | 2024-11-4 |
| 2357 | 6.1 | MEDIUM | Network | bna | pospratik | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Bna Informatics PosPratik allows XSS Through HTTP Query Strings. This issue affects PosPratik: before v3.… | CWE-79 Cross-site Scripting | CVE-2024-9147 | 2024-11-7 00:53 | 2024-11-4 |
| 2358 | 8.8 | HIGH | Network | thimpress | wp_hotel_booking | Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking allows PHP Local File Inclusion. This issue affects WP Hotel Booking: from n/a through 2.1.4. | CWE-22 Path Traversal | CVE-2024-51582 | 2024-11-7 00:47 | 2024-11-4 |
| 2359 | 9.8 | CRITICAL | Network | rainbow-link | all_post_contact_form | Unrestricted Upload of File with Dangerous Type vulnerability in RainbowLink Inc. All Post Contact Form allows Upload a Web Shell to a Web Server. This issue affects All Post Contact Form: from n/a th… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2024-50523 | 2024-11-7 00:46 | 2024-11-4 |
| 2360 | 7.5 | HIGH | Network | zimaspace | zimaos | ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the ZimaOS API endpoint `http://<Zima_Server_IP:PORT>/v3/file?t… | CWE-22 Path Traversal | CVE-2024-48931 | 2024-11-7 00:46 | 2024-10-25 |