|
2531
|
9.8 |
CRITICAL
Network
telerik
|
ui_for_wpf
|
In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-10095
|
2024-12-18 21:59 |
2024-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
2532
|
- |
|
-
|
-
|
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Mighty Digital Partners allows Object Injection.This issue affects Partners: from n/a throug…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2024-56059
|
2024-12-18 21:15 |
2024-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2533
|
- |
|
-
|
-
|
Deserialization of Untrusted Data vulnerability in Gueststream VRPConnector allows Object Injection.This issue affects VRPConnector: from n/a through 2.0.1.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-56058
|
2024-12-18 21:15 |
2024-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2534
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPTooling Image Mapper allows Reflected XSS.This issue affects Image Mapper: from n/a through 0.2…
|
CWE-79
Cross-site Scripting
|
CVE-2024-56016
|
2024-12-18 21:15 |
2024-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2535
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lannoy / PerfOps One Device Detector allows Reflected XSS.This issue affects Device Detect…
|
CWE-79
Cross-site Scripting
|
CVE-2024-56010
|
2024-12-18 21:15 |
2024-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2536
|
- |
|
-
|
-
|
Missing Authorization vulnerability in spreadr Spreadr Woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Spreadr Woocommerce: from n/a through 1.0.4.
|
CWE-862
Missing Authorization
|
CVE-2024-56008
|
2024-12-18 21:15 |
2024-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2537
|
- |
|
-
|
-
|
Missing Authorization vulnerability in Web Chunky Order Delivery & Pickup Location Date Time allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Delivery …
|
CWE-862
Missing Authorization
|
CVE-2024-55997
|
2024-12-18 21:15 |
2024-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2538
|
- |
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ydesignservices YDS Support Ticket System allows SQL Injection.This issue affects YDS Support Tic…
|
CWE-89
SQL Injection
|
CVE-2024-55985
|
2024-12-18 21:15 |
2024-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2539
|
- |
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susheelhbti Saksh Escrow System allows SQL Injection.This issue affects Saksh Escrow System: from…
|
CWE-89
SQL Injection
|
CVE-2024-55984
|
2024-12-18 21:15 |
2024-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2540
|
- |
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Derek Hamilton PowerFormBuilder allows SQL Injection.This issue affects PowerFormBuilder: from n/…
|
CWE-89
SQL Injection
|
CVE-2024-55983
|
2024-12-18 21:15 |
2024-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
