|
313111
|
6.5 |
MEDIUM
Network
|
elliot
|
ilc_thickbox
|
The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
|
CWE-352
Origin Validation Error
|
CVE-2024-7820
|
2024-09-28 03:08 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313112
|
9.1 |
CRITICAL
Network
|
matter-labs
|
zkvyper
|
zkvyper is a Vyper compiler. Starting in version 1.3.12 and prior to version 1.5.3, since LLL IR has no Turing-incompletness restrictions, it is compiled to a loop with a much more late exit conditio…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2024-43366
|
2024-09-28 03:08 |
2024-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313113
|
6.1 |
MEDIUM
Network
|
gwycon
|
quick_code
|
The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XS…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7822
|
2024-09-28 03:06 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313114
|
6.5 |
MEDIUM
Network
|
visual_sound_project
|
visual_sound
|
The Visual Sound WordPress plugin through 1.03 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
|
CWE-352
Origin Validation Error
|
CVE-2024-7859
|
2024-09-28 03:00 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313115
|
8.8 |
HIGH
Network
|
dedebiz
|
dedebiz
|
A vulnerability classified as critical was found in DedeBIZ 6.3.0. This vulnerability affects the function get_mime_type of the file /admin/dialog/select_images_post.php of the component Attachment S…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-7906
|
2024-09-28 02:54 |
2024-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313116
|
6.5 |
MEDIUM
Network
|
github
|
enterprise_server
|
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content i…
|
CWE-863
Incorrect Authorization
|
CVE-2024-6337
|
2024-09-28 02:48 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313117
|
5.4 |
MEDIUM
Network
|
kirstyburgoine
|
responsive_video
|
The Responsive video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's video settings function in all versions up to, and including, 1.0 due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7629
|
2024-09-28 02:32 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313118
|
9.8 |
CRITICAL
Network
|
sjhoo
|
woo_inquiry
|
The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter 'dbid' and lack of sufficient…
|
CWE-89
SQL Injection
|
CVE-2024-7854
|
2024-09-28 02:27 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313119
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid…
|
-
|
CVE-2024-9273
|
2024-09-28 02:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313120
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid…
|
-
|
CVE-2024-9268
|
2024-09-28 02:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
