2361
|
9.8 |
CRITICAL
Network
lunary
|
lunary
|
A SQL injection vulnerability exists in the `/api/v1/external-users` route of lunary-ai/lunary version v1.4.2. The `order by` clause of the SQL query uses `sql.unsafe` without prior sanitization, all…
|
CWE-89
SQL Injection
|
CVE-2024-7456
|
2024-11-7 00:45 |
2024-11-1 |
|
|
|
2362
|
4.8 |
MEDIUM
Network
|
dublue
|
table_of_contents_plus
|
The Table of Contents Plus WordPress plugin through 2408 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting atta…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5578
|
2024-11-7 00:44 |
2024-11-5 |
|
|
2363
|
4.8 |
MEDIUM
Network
|
nsqua
|
simply_schedule_appointments
|
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high …
|
CWE-79
Cross-site Scripting
|
CVE-2024-7877
|
2024-11-7 00:42 |
2024-11-5 |
|
|
2364
|
4.8 |
MEDIUM
Network
|
nsqua
|
simply_schedule_appointments
|
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Appointment Type settings, which could allow h…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7876
|
2024-11-7 00:42 |
2024-11-5 |
|
|
2365
|
9.8 |
CRITICAL
Network
helloprint
|
helloprint
|
Unrestricted Upload of File with Dangerous Type vulnerability in Helloprint Plug your WooCommerce into the largest catalog of customized print products from Helloprint allows Upload a Web Shell to a …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-50525
|
2024-11-7 00:42 |
2024-11-4 |
|
|
|
2366
|
- |
|
-
|
-
|
An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room…
|
-
|
CVE-2024-42773
|
2024-11-7 00:35 |
2024-08-23 |
|
|
2367
|
- |
|
-
|
-
|
Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited t…
|
-
|
CVE-2024-6615
|
2024-11-7 00:35 |
2024-07-10 |
|
|
2368
|
- |
|
-
|
-
|
A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read s…
|
-
|
CVE-2024-23152
|
2024-11-7 00:35 |
2024-06-25 |
|
|
2369
|
- |
|
-
|
-
|
In tpu_get_int_state of tpu.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. Us…
|
-
|
CVE-2024-32914
|
2024-11-7 00:35 |
2024-06-14 |
|
|
2370
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
power: supply: bq27xxx-i2c: Do not free non existing IRQ
The bq27xxx i2c-client may not have an IRQ, in which case
client->irq wi…
|
-
|
CVE-2024-27412
|
2024-11-7 00:35 |
2024-05-17 |
|
|