|
312891
|
6.1 |
MEDIUM
Network
|
collabora
|
online
|
Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url e…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45045
|
2024-09-4 00:13 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312892
|
- |
|
-
|
-
|
BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in unencrypted BLE packets. (The packet data also lacks authentication and integrity protection.)
|
-
|
CVE-2024-34463
|
2024-09-4 00:12 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312893
|
8.8 |
HIGH
Network
|
muffingroup
|
betheme
|
The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-2694
|
2024-09-4 00:10 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312894
|
5.4 |
MEDIUM
Network
|
muffingroup
|
betheme
|
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization…
|
CWE-79
Cross-site Scripting
|
CVE-2024-3998
|
2024-09-4 00:00 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312895
|
6.1 |
MEDIUM
Network
|
elecom
|
wrc-x3000gs2-b_firmware
wrc-x3000gs2-w_firmware
wrc-x3000gs2a-b_firmware
|
Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page whil…
|
CWE-79
Cross-site Scripting
|
CVE-2024-34577
|
2024-09-3 23:59 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312896
|
5.4 |
MEDIUM
Network
|
hubspot
|
hubspot
|
The HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute of the HubSpot Meeting Widget in all version…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5879
|
2024-09-3 23:59 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312897
|
3.7 |
LOW
Network
|
elecom
|
wab-i1750-ps_firmware
|
Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-39300
|
2024-09-3 23:57 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312898
|
7.2 |
HIGH
Network
|
theeventscalendar
|
events_calendar_pro
|
The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in w…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-8016
|
2024-09-3 23:51 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312899
|
6.3 |
MEDIUM
Network
|
tutorlms
|
tutor_lms_pro
|
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized administrative actions execution due to a missing capability checks on multiple functions like treport_quiz_atttempt_delete and t…
|
CWE-862
Missing Authorization
|
CVE-2024-5784
|
2024-09-3 23:48 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312900
|
4.3 |
MEDIUM
Network
|
themeific
|
tourfic
|
The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20. This is due to missing or incorrect nonce validation on the tf_order_status…
|
CWE-352
Origin Validation Error
|
CVE-2024-8319
|
2024-09-3 23:43 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
