|
314061
|
7.3 |
HIGH
Network
|
aftabhusain
|
enable_shortcodes_inside_widgets\
comments_and_experts
|
The The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the softw…
|
CWE-94
Code Injection
|
CVE-2024-9846
|
2024-11-6 23:58 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314062
|
5.5 |
MEDIUM
Local
|
snowflake
|
snowflake_connector
|
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the loggin…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2024-49750
|
2024-11-6 23:58 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314063
|
9.8 |
CRITICAL
Network
|
gvectors
|
wpdiscuz
|
The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned b…
|
NVD-CWE-Other
|
CVE-2024-9488
|
2024-11-6 23:57 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314064
|
6.1 |
MEDIUM
Network
|
markjaquith
|
subscribe_to_comments
|
The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and inclu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8792
|
2024-11-6 23:51 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314065
|
5.4 |
MEDIUM
Network
|
instantcms
|
instantcms
|
InstantCMS is a free and open source content management system. In photo upload function in the photo album page there is no input validation taking place. Due to this attackers are able to inject th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-50348
|
2024-11-6 23:49 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314066
|
9.8 |
CRITICAL
Network
|
codezips
|
online_institute_management_system
|
A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the ar…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-10765
|
2024-11-6 23:45 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314067
|
9.8 |
CRITICAL
Network
|
codezips
|
online_institute_management_system
|
A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. This affects an unknown part of the file /pages/save_user.php. The manipulation of the argume…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-10764
|
2024-11-6 23:44 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314068
|
7.1 |
HIGH
Local
|
apple
|
iphone_os
ipados
visionos
tvos
|
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted ba…
|
CWE-59
Link Following
|
CVE-2024-44258
|
2024-11-6 23:35 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314069
|
8.8 |
HIGH
Network
|
combodo
|
itop
|
Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgra…
|
CWE-352
Origin Validation Error
|
CVE-2024-31998
|
2024-11-6 23:31 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314070
|
6.1 |
MEDIUM
Network
|
combodo
|
itop
|
Combodo iTop is a simple, web based IT Service Management tool. By filling malicious code in a CSV content, an Cross-site Scripting (XSS) attack can be performed when importing this content. This iss…
|
CWE-79
Cross-site Scripting
|
CVE-2024-31448
|
2024-11-6 23:31 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
