|
316051
|
4.3 |
MEDIUM
Network
|
smashballoon
|
reviews_feed
|
The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and i…
|
CWE-352
Origin Validation Error
|
CVE-2024-8200
|
2024-08-31 00:08 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316052
|
4.3 |
MEDIUM
Network
|
smashballoon
|
reviews_feed
|
The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capa…
|
CWE-862
Missing Authorization
|
CVE-2024-8199
|
2024-08-31 00:04 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316053
|
8.8 |
HIGH
Network
|
skyss
|
arfa-cms
|
A cross-site request forgery (CSRF) vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to add a new administrator, leading to escalation of privileges.
|
CWE-352
Origin Validation Error
|
CVE-2024-45264
|
2024-08-31 00:02 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316054
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-846w_firmware
|
D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. This vulnerability is exploited via a crafted POST request.
|
CWE-78
OS Command
|
CVE-2024-44342
|
2024-08-30 23:57 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316055
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-846w_firmware
|
D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST requ…
|
CWE-78
OS Command
|
CVE-2024-44341
|
2024-08-30 23:57 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316056
|
8.8 |
HIGH
Network
|
dlink
|
dir-846w_firmware
|
D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via keys smartqos_express_devices and smartqos_normal_devices in SetSmartQoSSettings.
|
CWE-78
OS Command
|
CVE-2024-44340
|
2024-08-30 23:56 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316057
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-846w_firmware
|
D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in /HNAP1/ interface.
|
CWE-78
OS Command
|
CVE-2024-41622
|
2024-08-30 23:55 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316058
|
6.5 |
MEDIUM
Network
|
ptc
|
thingworx
|
An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-40395
|
2024-08-30 23:35 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316059
|
- |
|
-
|
-
|
A flaw was found in the Fence Agents Remediation operator. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the --ssh-path/--telnet…
|
CWE-94
Code Injection
|
CVE-2024-5651
|
2024-08-30 23:15 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316060
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commi…
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2024-3114
|
2024-08-30 23:15 |
2024-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
