|
312231
|
8.8 |
HIGH
Network
|
wpsoul
|
greenshift_woocommerce_addon
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wpsoul Greenshift Woocommerce Addon allows SQL Injection.This issue affects Greenshift Woocommerc…
|
CWE-89
SQL Injection
|
CVE-2024-43943
|
2024-09-6 00:10 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312232
|
8.8 |
HIGH
Network
|
wpmart
|
animated_number_counters
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sk. Abul Hasan Animated Number Counters allows PHP Local File Inclusion.This issue affects Animated Num…
|
CWE-22
Path Traversal
|
CVE-2024-43957
|
2024-09-5 23:49 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312233
|
5.4 |
MEDIUM
Network
|
alwindoss
|
akademy
|
A vulnerability was found in alwindoss akademy up to 35caccea888ed63d5489e211c99edff1f62efdba. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the f…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8407
|
2024-09-5 23:48 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312234
|
9.8 |
CRITICAL
Network
|
linksys
|
wrt54g_firmware
|
A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this issue is the function validate_services_port of the file /apply.cgi of the component POST Parameter…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-8408
|
2024-09-5 23:41 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312235
|
6.1 |
MEDIUM
Network
|
zzcms
|
zzcms
|
Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via a crafted script to the pagename parameter of the admin/del.php component.
|
CWE-79
Cross-site Scripting
|
CVE-2024-44819
|
2024-09-5 23:40 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312236
|
8.1 |
HIGH
Network
|
zyxel
|
zld_firmware
|
A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) s…
|
CWE-78
OS Command
|
CVE-2024-42057
|
2024-09-5 23:40 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312237
|
6.1 |
MEDIUM
Network
|
semtekyazilim
|
semtek_sempos
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Reflected XSS.This issue affects…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7077
|
2024-09-5 23:39 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312238
|
9.8 |
CRITICAL
Network
|
semtekyazilim
|
semtek_sempos
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Semtek Informatics Software Consulting Inc. Semtek Sempos allows Blind SQL Injection.This issue a…
|
CWE-89
SQL Injection
|
CVE-2024-7076
|
2024-09-5 23:39 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312239
|
7.5 |
HIGH
Network
|
zyxel
|
zld_firmware
|
A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware ver…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-42058
|
2024-09-5 23:39 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312240
|
4.3 |
MEDIUM
Network
|
discourse
|
discourse_calendar
|
discourse-calendar is a discourse plugin which adds the ability to create a dynamic calendar in the first post of a topic. The limit on region value length is too generous. This allows a malicious ac…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-21658
|
2024-09-5 23:39 |
2024-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
