|
312151
|
7.5 |
HIGH
Network
|
kitsada8621
|
digital_library_management_system
|
A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. Affected is the function JwtRefreshAuth of the file middleware/jwt_refresh_token…
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2024-8297
|
2024-08-31 00:28 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312152
|
9.8 |
CRITICAL
Network
|
gitapp
|
dingfanzu
|
A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /aj…
|
CWE-89
SQL Injection
|
CVE-2024-8301
|
2024-08-31 00:24 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312153
|
4.8 |
MEDIUM
Adjacent
|
teldat
|
rs123_firmware
rs123w_firmware
|
Cross Site Scripting vulnerability in Teldats Router RS123, RS123w allows attacker to execute arbitrary code via the cmdcookie parameter to the upgrade/query.php page.
|
CWE-79
Cross-site Scripting
|
CVE-2022-39996
|
2024-08-31 00:17 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312154
|
4.3 |
MEDIUM
Network
|
smashballoon
|
reviews_feed
|
The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and i…
|
CWE-352
Origin Validation Error
|
CVE-2024-8200
|
2024-08-31 00:08 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312155
|
4.3 |
MEDIUM
Network
|
smashballoon
|
reviews_feed
|
The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capa…
|
CWE-862
Missing Authorization
|
CVE-2024-8199
|
2024-08-31 00:04 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312156
|
8.8 |
HIGH
Network
|
skyss
|
arfa-cms
|
A cross-site request forgery (CSRF) vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to add a new administrator, leading to escalation of privileges.
|
CWE-352
Origin Validation Error
|
CVE-2024-45264
|
2024-08-31 00:02 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312157
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-846w_firmware
|
D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. This vulnerability is exploited via a crafted POST request.
|
CWE-78
OS Command
|
CVE-2024-44342
|
2024-08-30 23:57 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312158
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-846w_firmware
|
D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST requ…
|
CWE-78
OS Command
|
CVE-2024-44341
|
2024-08-30 23:57 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312159
|
8.8 |
HIGH
Network
|
dlink
|
dir-846w_firmware
|
D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via keys smartqos_express_devices and smartqos_normal_devices in SetSmartQoSSettings.
|
CWE-78
OS Command
|
CVE-2024-44340
|
2024-08-30 23:56 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312160
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-846w_firmware
|
D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in /HNAP1/ interface.
|
CWE-78
OS Command
|
CVE-2024-41622
|
2024-08-30 23:55 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
