2661
|
6.1 |
MEDIUM
Network
|
yithemes
|
yith_woocommerce_product_add-ons
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS.This issue affects YITH WooComm…
|
CWE-79
Cross-site Scripting
|
CVE-2024-50448
|
2024-11-9 05:32 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2662
|
5.4 |
MEDIUM
Network
|
fatcatapps
|
easy_pricing_tables
|
The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘fontFamily’ attribute in all versions up to, and including, 3.2.6 …
|
CWE-79
Cross-site Scripting
|
CVE-2024-8323
|
2024-11-9 05:30 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2663
|
5.4 |
MEDIUM
Network
|
pluginus
|
woot
|
The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woot_button shortcode in all versions u…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10168
|
2024-11-9 05:27 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2664
|
5.4 |
MEDIUM
Network
|
mappresspro
|
mappress
|
The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map block in all versions up to, and including, 2.94.1 due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10715
|
2024-11-9 05:25 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2665
|
9.8 |
CRITICAL
Network
eyecix
|
jobsearch_wp_job_board
|
The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all versio…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-8615
|
2024-11-9 05:24 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2666
|
8.8 |
HIGH
Network
|
eyecix
|
jobsearch_wp_job_board
|
The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_wp_handle_upload() function in all versions up to, and inc…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-8614
|
2024-11-9 05:23 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2667
|
5.3 |
MEDIUM
Network
dlink
|
dns-320_firmware dns-320lw_firmware dns-325_firmware dns-340l_firmware
|
A vulnerability classified as problematic has been found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. This affects an unknown part of the file /xml/info.xml of the component HTT…
|
NVD-CWE-Other
|
CVE-2024-10916
|
2024-11-9 05:11 |
2024-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2668
|
9.8 |
CRITICAL
Network
dlink
|
dns-320_firmware dns-320lw_firmware dns-325_firmware dns-340l_firmware
|
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been rated as critical. Affected by this issue is the function cgi_user_add of the file /cgi-bin/ac…
|
CWE-78
OS Command
|
CVE-2024-10915
|
2024-11-9 05:11 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2669
|
5.4 |
MEDIUM
Network
|
envothemes
|
envo\'s_elementor_templates_\&_widgets_for_woocommerce
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS.This iss…
|
CWE-79
Cross-site Scripting
|
CVE-2024-50447
|
2024-11-9 05:07 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2670
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: SCO: Fix UAF on sco_sock_timeout
conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock
so this check…
|
CWE-416
Use After Free
|
CVE-2024-50125
|
2024-11-9 05:04 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|