1821
|
9.8 |
CRITICAL
Network
-
|
-
|
The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0. This is due to incorrect authentication and capability checking in the 'rl_do_ajax' f…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-10245
|
2024-11-12 22:55 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1822
|
- |
|
-
|
-
|
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.18 due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10323
|
2024-11-12 22:55 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1823
|
7.3 |
HIGH
Local
|
-
|
-
|
A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2023-32736
|
2024-11-12 22:55 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1824
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Slickstream: Engagement and Conversions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slick-grid shortcode in all versions up to, and including, 1.4.4 due to …
|
-
|
CVE-2024-10179
|
2024-11-12 22:55 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1825
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The xili-tidy-tags plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.12.04 due to insufficient input sanitization…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9357
|
2024-11-12 22:55 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1826
|
- |
|
-
|
-
|
Exposure of sensitive system information to an unauthorized control sphere issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-…
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2024-47799
|
2024-11-12 22:55 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1827
|
- |
|
-
|
-
|
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is explo…
|
CWE-78
OS Command
|
CVE-2024-45827
|
2024-11-12 22:55 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1828
|
- |
|
-
|
-
|
Active debug code vulnerability exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain or alt…
|
CWE-489
Exposure of Data Element to Wrong Session
|
CVE-2024-29075
|
2024-11-12 22:55 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1829
|
5.4 |
MEDIUM
Network
|
-
|
-
|
The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.5.1 due to insufficient input sani…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10790
|
2024-11-12 22:55 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1830
|
- |
|
-
|
-
|
PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing…
|
-
|
CVE-2024-50636
|
2024-11-12 22:55 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|