|
312001
|
4.3 |
MEDIUM
Network
|
sentry
|
sentry
|
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-45606
|
2024-09-27 04:16 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312002
|
4.3 |
MEDIUM
Network
|
sentry
|
sentry
|
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-45605
|
2024-09-27 04:14 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312003
|
9.8 |
CRITICAL
Network
|
apexsoftcell
|
ld_geo
ld_dp_back_office
|
This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability b…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2024-47088
|
2024-09-27 04:12 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312004
|
6.5 |
MEDIUM
Network
|
apexsoftcell
|
ld_geo
ld_dp_back_office
|
This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by …
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2024-47089
|
2024-09-27 04:09 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312005
|
5.3 |
MEDIUM
Network
|
circutor
|
q-smt_firmware
|
An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is presen…
|
NVD-CWE-noinfo
|
CVE-2024-8891
|
2024-09-27 03:50 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312006
|
7.5 |
HIGH
Network
|
coredns.io
|
coredns
|
An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal r…
|
NVD-CWE-noinfo
|
CVE-2023-28452
|
2024-09-27 03:37 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312007
|
5.4 |
MEDIUM
Network
|
muffingroup
|
betheme
|
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 27.5.5 due to insufficient input sanitization and output escapi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5567
|
2024-09-27 03:27 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312008
|
8.8 |
HIGH
Network
|
sirv
|
sirv
|
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in al…
|
CWE-862
Missing Authorization
|
CVE-2024-8480
|
2024-09-27 03:13 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312009
|
8.8 |
HIGH
Network
|
bitapps
|
file_manager
|
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uplo…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-7770
|
2024-09-27 02:49 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312010
|
6.1 |
MEDIUM
Network
|
rocket.chat
|
rocket.chat
|
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message t…
|
CWE-79
Cross-site Scripting
|
CVE-2024-46934
|
2024-09-27 02:41 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
