|
541
|
5.9 |
MEDIUM
Network
|
phpipam
|
phpipam
|
phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'get…
Update
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2024-0787
|
2024-11-20 00:53 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
542
|
5.4 |
MEDIUM
Network
|
royal-elementor-addons
|
royal_elementor_addons
|
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, and including, 1.7.1001 due to insufficien…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9059
|
2024-11-20 00:53 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
543
|
6.1 |
MEDIUM
Network
|
advancedformintegration
|
advanced_form_integration
|
The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the UR…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-10877
|
2024-11-20 00:52 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
544
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
The ReadPSDChannelPixels function in coders/psd.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2016-7514
|
2024-11-20 00:51 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
545
|
7.2 |
HIGH
Network
|
mayurik
|
best_employee_management_system
|
A vulnerability, which was classified as critical, was found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /admin/edit_role.php. The manipulation of …
Update
|
CWE-89
SQL Injection
|
CVE-2024-11213
|
2024-11-20 00:48 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
546
|
8.8 |
HIGH
Network
|
mayurik
|
best_employee_management_system
|
A vulnerability, which was classified as critical, has been found in SourceCodester Best Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/fetch_…
Update
|
CWE-89
SQL Injection
|
CVE-2024-11212
|
2024-11-20 00:48 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
547
|
5.4 |
MEDIUM
Network
|
royal-elementor-addons
|
royal_elementor_addons
|
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions up to, and including, 1.7.1001 due to i…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9682
|
2024-11-20 00:47 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
548
|
9.8 |
CRITICAL
Network
ays-pro
|
chartify
|
The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for una…
Update
|
NVD-CWE-Other
|
CVE-2024-10571
|
2024-11-20 00:46 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
549
|
4.8 |
MEDIUM
Network
|
phpgurukul
|
user_registration_\&_login_and_user_management_system
|
A Reflected Cross-Site Scripting (XSS) vulnerability was found in the /search-result.php page of the PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows rem…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-48284
|
2024-11-20 00:45 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
550
|
4.3 |
MEDIUM
Network
|
janeczku
|
calibre-web
|
An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `…
Update
|
CWE-862
Missing Authorization
|
CVE-2021-3987
|
2024-11-20 00:44 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
