|
319011
|
5.4 |
MEDIUM
Network
|
zkteco
|
wdms
|
Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the Emp Name parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2023-51157
|
2024-10-3 01:58 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319012
|
7.2 |
HIGH
Network
|
uncannyowl
|
uncanny_groups_for_learndash
|
The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what user…
|
CWE-862
Missing Authorization
|
CVE-2024-8349
|
2024-10-3 01:50 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319013
|
6.5 |
MEDIUM
Network
|
madrasthemes
|
mas_static_content
|
The MAS Static Content plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.8 via the static_content() function. This makes it possible for authenticat…
|
NVD-CWE-noinfo
|
CVE-2024-8483
|
2024-10-3 01:42 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319014
|
6.1 |
MEDIUM
Network
|
outtheboxthemes
|
beam_me_up_scotty
|
The Beam me up Scotty – Back to Top Button plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8741
|
2024-10-3 01:37 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319015
|
8.8 |
HIGH
Network
|
ferrislucas
|
promptr
|
A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL.
|
CWE-94
Code Injection
|
CVE-2024-46489
|
2024-10-3 01:24 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319016
|
6.1 |
MEDIUM
Network
|
pierros
|
kodex_posts_likes
|
The Kodex Posts likes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8713
|
2024-10-3 01:22 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319017
|
9.8 |
CRITICAL
Network
|
artbees
|
jupiter_x_core
|
The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This ma…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-7781
|
2024-10-3 01:21 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319018
|
5.5 |
MEDIUM
Local
|
asg017
|
sqlite-vec
|
sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
|
CWE-787
Out-of-bounds Write
|
CVE-2024-46488
|
2024-10-3 01:21 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319019
|
- |
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
|
-
|
CVE-2024-5480
|
2024-10-3 01:15 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319020
|
9.8 |
CRITICAL
Network
|
artbees
|
jupiter_x_core
|
The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This m…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-7772
|
2024-10-3 01:10 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
