|
311251
|
8.8 |
HIGH
Adjacent
|
enelx
|
waybox_pro_firmware
|
Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system.
|
CWE-287
Improper Authentication
|
CVE-2023-29117
|
2024-11-9 01:08 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311252
|
4.3 |
MEDIUM
Adjacent
|
enelx
|
waybox_pro_firmware
|
Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained.
|
NVD-CWE-noinfo
|
CVE-2023-29116
|
2024-11-9 01:08 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311253
|
6.5 |
MEDIUM
Adjacent
|
enelx
|
waybox_pro_firmware
|
In certain conditions a request directed to the Waybox Enel X Web management application could cause a denial-of-service (e.g. reboot).
|
NVD-CWE-noinfo
|
CVE-2023-29115
|
2024-11-9 01:08 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311254
|
5.4 |
MEDIUM
Network
|
xplodedthemes
|
xt_floating_cart_for_woocommerce
|
The XT Floating Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.8.2 due to insufficient input sanit…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9178
|
2024-11-9 01:03 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311255
|
5.4 |
MEDIUM
Network
|
bdthemes
|
element_pack
|
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Open Map Widget'…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9867
|
2024-11-9 01:00 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311256
|
5.4 |
MEDIUM
Network
|
bdthemes
|
element_pack
|
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tooltip' paramet…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9657
|
2024-11-9 01:00 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311257
|
4.3 |
MEDIUM
Network
|
g5plus
|
ultimate_bootstrap_elements_for_elementor
|
The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the 'ube_get_page_templates' functio…
|
NVD-CWE-noinfo
|
CVE-2024-10329
|
2024-11-9 00:59 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311258
|
7.3 |
HIGH
Network
|
tickera
|
tickera
|
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users t…
|
CWE-94
Code Injection
|
CVE-2024-10263
|
2024-11-9 00:59 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311259
|
4.3 |
MEDIUM
Network
|
themeum
|
wp_crowdfunding
|
Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.10.
|
CWE-862
Missing Authorization
|
CVE-2024-43937
|
2024-11-9 00:57 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311260
|
5.3 |
MEDIUM
Network
|
combodo
|
itop
|
Combodo iTop is a simple, web based IT Service Management tool. Unauthenticated user can perform users enumeration, which can make it easier to bruteforce a valid account. As a fix the sentence displ…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2024-51739
|
2024-11-9 00:56 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
