|
314751
|
8.8 |
HIGH
Network
|
dlink
|
dir-619l_firmware
|
A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ. The manipulation of th…
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-9915
|
2024-10-17 00:26 |
2024-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314752
|
8.8 |
HIGH
Network
|
shilpisoft
|
client_dashboard
|
This vulnerability exists in the Shilpi Client Dashboard due to improper validation of files being uploaded other than the specified extension. An authenticated remote attacker could exploit this vul…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-47655
|
2024-10-17 00:26 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314753
|
7.5 |
HIGH
Network
|
shilpisoft
|
client_dashboard
|
This vulnerability exists in Shilpi Client Dashboard due to lack of rate limiting and Captcha protection for OTP requests in certain API endpoint. An unauthenticated remote attacker could exploit thi…
|
NVD-CWE-Other
|
CVE-2024-47654
|
2024-10-17 00:17 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314754
|
7.2 |
HIGH
Network
|
kemptechnologies
|
multi-tenant_hypervisor_firmware
loadmaster
|
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects:
* LoadMaster: 7.2.40.0 and above
* ECS: All versions
* Multi-Tenancy: 7.1.35.4 and ab…
|
CWE-78
OS Command
|
CVE-2024-7591
|
2024-10-17 00:15 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314755
|
6.5 |
MEDIUM
Network
|
shilpisoft
|
client_dashboard
|
This vulnerability exists in Shilpi Client Dashboard due to lack of authorization for modification and cancellation requests through certain API endpoints. An authenticated remote attacker could expl…
|
NVD-CWE-Other
|
CVE-2024-47653
|
2024-10-17 00:13 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314756
|
6.1 |
MEDIUM
Network
|
wp-centrics
|
fish_and_ships
|
The Fish and Ships – Most flexible shipping table rate. A WooCommerce shipping rate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without approp…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9237
|
2024-10-17 00:10 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314757
|
4.8 |
MEDIUM
Network
|
oretnom23
|
online_eyewear_shop
|
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=system_info/contact_info of the …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9952
|
2024-10-17 00:05 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314758
|
9.8 |
CRITICAL
Network
|
magicbug
|
cloudlog
|
Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection.
|
CWE-89
SQL Injection
|
CVE-2024-48253
|
2024-10-16 23:27 |
2024-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314759
|
9.8 |
CRITICAL
Network
|
magicbug
|
cloudlog
|
Cloudlog 2.6.15 allows Oqrs.php get_station_info station_id SQL injection.
|
CWE-89
SQL Injection
|
CVE-2024-48255
|
2024-10-16 23:26 |
2024-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314760
|
6.1 |
MEDIUM
Network
|
nerdpress
|
smart_custom_404_error_page
|
The Smart Custom 404 Error Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_SERVER['REQUEST_URI'] in all versions up to, and including, 11.4.7 due to insufficient input…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9204
|
2024-10-16 23:26 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
