|
312771
|
5.4 |
MEDIUM
Network
|
workdo
|
crmgo_saas
|
A vulnerability, which was classified as problematic, has been found in CodeCanyon CRMGo SaaS up to 7.2. This issue affects some unknown processing of the file /project/task/{task_id}/show. The manip…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9031
|
2024-09-26 01:52 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312772
|
3.3 |
LOW
Local
|
apple
|
macos
|
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15. A malicious app may be able to access notifications from the user's device.
|
NVD-CWE-noinfo
|
CVE-2024-40838
|
2024-09-26 01:46 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312773
|
6.5 |
MEDIUM
Network
|
zitadel
|
zitadel
|
Zitadel is an open source identity management platform. In Zitadel, even after an organization is deactivated, associated projects, respectively their applications remain active. Users across other o…
|
CWE-863
Incorrect Authorization
|
CVE-2024-47060
|
2024-09-26 01:43 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312774
|
- |
|
-
|
-
|
Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the "Next&Previous Nav" block. A rogue administrator could add a malicious payload by executing it in the browse…
|
-
|
CVE-2024-8661
|
2024-09-26 01:15 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312775
|
- |
|
-
|
-
|
In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocati…
|
-
|
CVE-2024-7625
|
2024-09-26 01:15 |
2024-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312776
|
4.8 |
MEDIUM
Network
|
ninjaforms
|
ninja_forms
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a thro…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43999
|
2024-09-26 00:15 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312777
|
6.5 |
MEDIUM
Adjacent
|
apple
|
iphone_os
ipados
|
This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A malicious Bluetooth input device may bypass pairing.
|
NVD-CWE-noinfo
|
CVE-2024-44124
|
2024-09-26 00:14 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312778
|
5.4 |
MEDIUM
Network
|
webhammer
|
wp_custom_fields_search
|
The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient …
|
CWE-79
Cross-site Scripting
|
CVE-2024-8364
|
2024-09-26 00:08 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312779
|
9.8 |
CRITICAL
Network
|
freeimage_project
|
freeimage
|
libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file.
|
CWE-787
Out-of-bounds Write
|
CVE-2024-31570
|
2024-09-25 23:57 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312780
|
9.8 |
CRITICAL
Network
|
spx
|
spx_graphics_controller
|
An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function.
|
CWE-94
Code Injection
|
CVE-2024-44623
|
2024-09-25 23:53 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
