|
312631
|
8.8 |
HIGH
Network
|
dedebiz
|
dedebiz
|
A vulnerability classified as critical was found in DedeBIZ 6.3.0. This vulnerability affects the function get_mime_type of the file /admin/dialog/select_images_post.php of the component Attachment S…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-7906
|
2024-09-28 02:54 |
2024-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312632
|
6.5 |
MEDIUM
Network
|
github
|
enterprise_server
|
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content i…
|
CWE-863
Incorrect Authorization
|
CVE-2024-6337
|
2024-09-28 02:48 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312633
|
5.4 |
MEDIUM
Network
|
kirstyburgoine
|
responsive_video
|
The Responsive video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's video settings function in all versions up to, and including, 1.0 due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7629
|
2024-09-28 02:32 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312634
|
9.8 |
CRITICAL
Network
|
sjhoo
|
woo_inquiry
|
The Woo Inquiry plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 0.1 due to insufficient escaping on the user supplied parameter 'dbid' and lack of sufficient…
|
CWE-89
SQL Injection
|
CVE-2024-7854
|
2024-09-28 02:27 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312635
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid…
|
-
|
CVE-2024-9273
|
2024-09-28 02:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312636
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid…
|
-
|
CVE-2024-9268
|
2024-09-28 02:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312637
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid…
|
-
|
CVE-2024-9171
|
2024-09-28 02:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312638
|
8.2 |
HIGH
Network
|
czim
|
file-handling
|
The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory travers…
|
CWE-22
CWE-918
Path Traversal
Server-Side Request Forgery (SSRF)
|
CVE-2024-47049
|
2024-09-28 02:09 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312639
|
7.5 |
HIGH
Network
|
in2code
|
powermail
|
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-47047
|
2024-09-28 02:03 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312640
|
6.1 |
MEDIUM
Network
|
yithemes
|
yith_custom_login
|
The YITH Custom Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8665
|
2024-09-28 01:59 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
