|
248971
|
4.8 |
MEDIUM
Network
|
migaweb
|
accordion_title_for_elementor
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Gangolf Accordion title for Elementor allows Stored XSS.This issue affects Accordi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-51685
|
2024-11-7 04:34 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248972
|
7.5 |
HIGH
Network
|
aetherproject
|
onos-a1t
sdran-in-a-box
|
An issue in Open Networking Foundations sdran-in-a-box v.1.4.3 and onos-a1t v.0.2.3 allows a remote attacker to cause a denial of service via the onos-a1t component of the sdran-in-a-box, specificall…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-48809
|
2024-11-7 04:33 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248973
|
9.8 |
CRITICAL
Network
|
openimaj
|
openimaj
|
An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file.
|
CWE-611
XXE
|
CVE-2024-51136
|
2024-11-7 04:31 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248974
|
4.9 |
MEDIUM
Network
|
bitrix24
|
bitrix24
|
Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server v…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2024-34887
|
2024-11-7 04:28 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248975
|
4.9 |
MEDIUM
Network
|
bitrix24
|
bitrix24
|
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2024-34883
|
2024-11-7 04:28 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248976
|
4.9 |
MEDIUM
Network
|
bitrix24
|
bitrix24
|
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2024-34882
|
2024-11-7 04:28 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248977
|
8.8 |
HIGH
Network
|
idrsdev
|
agile-board
|
A Host header injection vulnerability in Agile-Board 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link.
|
CWE-94
Code Injection
|
CVE-2024-51329
|
2024-11-7 04:19 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248978
|
8.1 |
HIGH
Network
|
loginizer
|
loginizer
|
The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insufficient verification on the user be…
|
NVD-CWE-noinfo
|
CVE-2024-10097
|
2024-11-7 04:14 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248979
|
9.8 |
CRITICAL
Network
|
nginxui
|
nginx_ui
|
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, cau…
|
NVD-CWE-noinfo
|
CVE-2024-49368
|
2024-11-7 03:28 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248980
|
- |
|
-
|
-
|
A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to …
|
CWE-89
SQL Injection
|
CVE-2024-20536
|
2024-11-7 03:17 |
2024-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
