|
312721
|
5.4 |
MEDIUM
Network
|
sktthemes
|
posterity
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sonalsinha21 Posterity allows Stored XSS.This issue affects Posterity: from n/a through 3.…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43995
|
2024-09-26 05:01 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312722
|
8.8 |
HIGH
Network
|
microsoft
|
groupme
|
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.
|
NVD-CWE-noinfo
|
CVE-2024-38183
|
2024-09-26 04:59 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312723
|
6.1 |
MEDIUM
Network
|
mozilla
|
firefox
|
Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a …
|
CWE-601
Open Redirect
|
CVE-2024-8897
|
2024-09-26 04:49 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312724
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15. Privacy Indicators for microphone or camera access may be attributed incorrectly.
|
NVD-CWE-noinfo
|
CVE-2024-27875
|
2024-09-26 04:44 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312725
|
4.6 |
MEDIUM
Physics
|
apple
|
iphone_os
ipados
|
This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to use Siri to access sensitive user data.
|
NVD-CWE-noinfo
|
CVE-2024-40840
|
2024-09-26 04:42 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312726
|
8.8 |
HIGH
Network
|
pickplugins
|
post_grid
|
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta value…
|
NVD-CWE-noinfo
|
CVE-2024-8253
|
2024-09-26 04:42 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312727
|
4.8 |
MEDIUM
Network
|
enviragallery
|
envira_gallery
|
The Gallery Plugin for WordPress WordPress plugin before 1.8.15 does not sanitise and escape some of its image settings, which could allow users with post-writing privilege such as Author to perform…
|
CWE-79
Cross-site Scripting
|
CVE-2024-3899
|
2024-09-26 04:37 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312728
|
4.8 |
MEDIUM
Network
|
gsplugins
|
gs_logo_slider
|
The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks e…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7716
|
2024-09-26 04:35 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312729
|
5.4 |
MEDIUM
Network
|
wpdeveloper
|
essential_addons_for_elementor
|
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widge…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8440
|
2024-09-26 04:34 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312730
|
8.1 |
HIGH
Network
|
wpdelicious
|
wp_delicious
|
The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in t…
|
NVD-CWE-Other
|
CVE-2024-7626
|
2024-09-26 04:32 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
