2631
|
5.5 |
MEDIUM
Local
|
huawei
|
harmonyos
|
Vulnerability of improper memory access in the phone service module
Impact: Successful exploitation of this vulnerability may affect availability.
|
CWE-129
Improper Validation of Array Index
|
CVE-2024-51517
|
2024-11-7 08:15 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2632
|
8.8 |
HIGH
Network
|
darkmysite
|
darkmysite
|
Cross-Site Request Forgery (CSRF) vulnerability in DarkMySite DarkMySite – Advanced Dark Mode Plugin for WordPress darkmysite allows Cross Site Request Forgery.This issue affects DarkMySite – Advance…
|
CWE-352
Origin Validation Error
|
CVE-2024-50466
|
2024-11-7 08:13 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2633
|
8.8 |
HIGH
Network
|
odude
|
crypto_tool
|
The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. This is due to missing nonce validation in the 'crypto_connect_ajax_process::check'…
|
CWE-352
Origin Validation Error
|
CVE-2024-9990
|
2024-11-7 08:11 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2634
|
9.8 |
CRITICAL
Network
hmplugin
|
aidwp
|
Missing Authorization vulnerability in HM Plugin WordPress Stripe Donation and Payment Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Stri…
|
CWE-862
Missing Authorization
|
CVE-2024-50459
|
2024-11-7 08:11 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2635
|
5.3 |
MEDIUM
Network
openjsf
|
express
|
A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used.
The issue arises from improper…
|
NVD-CWE-noinfo
|
CVE-2024-10491
|
2024-11-7 08:08 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2636
|
4.9 |
MEDIUM
Network
|
bowo
|
code_explorer
|
The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all versions up to, and including, 1.4.5. This is due to the fact that the plugin does not restrict accessin…
|
NVD-CWE-Other
|
CVE-2023-5816
|
2024-11-7 08:07 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2637
|
5.4 |
MEDIUM
Network
|
joshlobe
|
ultimate_tinymce
|
The Ultimate TinyMCE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'field' shortcode in all versions up to, and including, 5.7 due to insufficient input sanitization and o…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8627
|
2024-11-7 08:06 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2638
|
5.5 |
MEDIUM
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sens…
|
CWE-611
XXE
|
CVE-2024-45086
|
2024-11-7 08:04 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2639
|
5.3 |
MEDIUM
Network
oracle
|
installed_base
|
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability a…
|
NVD-CWE-noinfo
|
CVE-2024-21258
|
2024-11-7 07:56 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2640
|
5.4 |
MEDIUM
Network
|
oracle
|
peoplesoft_enterprise_cost_center_common_application_objects
|
Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Activity Guide Composer). The supported version that is affected is 9.2. Easily exp…
|
NVD-CWE-noinfo
|
CVE-2024-21264
|
2024-11-7 07:56 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|