|
311641
|
5.4 |
MEDIUM
Network
|
memberful
|
memberful
|
The Memberful – Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'memberful_buy_subscription_link' and 'memberful_podcasts_link' shortcodes in all …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9242
|
2024-10-9 01:26 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311642
|
4.8 |
MEDIUM
Network
|
wpbookingcalendar
|
wp_booking_calendar
|
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 10.6 due to insufficient input sanitization and outp…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9306
|
2024-10-9 01:25 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311643
|
6.1 |
MEDIUM
Network
|
plainware
|
shiftcontroller
|
The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL keys in all versions up to, and including, 4.9.66 due to insufficient input …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9435
|
2024-10-9 01:22 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311644
|
5.4 |
MEDIUM
Network
|
sigmadevs
|
easy_demo_importer
|
The Easy Demo Importer – A Modern One-Click Demo Import Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.2 due…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9071
|
2024-10-9 01:21 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311645
|
4.3 |
MEDIUM
Adjacent
|
cisco
|
ios_xe
|
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device.
This vulnerabili…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2024-20434
|
2024-10-9 01:20 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311646
|
5.4 |
MEDIUM
Network
|
remilia
|
re\
|
The Re:WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9271
|
2024-10-9 01:17 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311647
|
6.5 |
MEDIUM
Network
|
cisco
|
identity_services_engine
|
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device.
…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2024-20515
|
2024-10-9 01:11 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311648
|
6.1 |
MEDIUM
Network
|
tychesoftwares
|
product_delivery_date_for_woocommerce
|
The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all ve…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9345
|
2024-10-9 01:10 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311649
|
6.7 |
MEDIUM
Local
|
synology
|
drive_client
|
Out-of-bounds write vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local users with administrator privileges to execute arbitrary commands vi…
|
CWE-787
Out-of-bounds Write
|
CVE-2022-49039
|
2024-10-9 01:08 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311650
|
7.8 |
HIGH
Local
|
synology
|
drive_client
|
Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecifie…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2022-49038
|
2024-10-9 01:08 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
