|
250301
|
9.8 |
CRITICAL
Network
|
dfactory
|
responsive_lightbox
|
Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Responsive Lightbox: from n/a through 2.4.7.
|
CWE-862
Missing Authorization
|
CVE-2024-43924
|
2024-11-7 02:03 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250302
|
8.8 |
HIGH
Network
|
myriadsolutionz
|
stars_smtp_mailer
|
Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Stars SMTP Mailer allows Upload a Web Shell to a Web Server.This issue affects Stars SMTP Mailer: from n/a through 1.…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-50530
|
2024-11-7 02:02 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250303
|
6.5 |
MEDIUM
Network
|
sonatype
|
nexus
|
Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database (…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-5764
|
2024-11-7 01:41 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250304
|
7.2 |
HIGH
Network
|
wuzhicms
|
wuzhicms
|
A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to cod…
|
CWE-94
Code Injection
|
CVE-2024-10505
|
2024-11-7 01:38 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250305
|
- |
|
-
|
-
|
Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware) may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially …
|
-
|
CVE-2023-31305
|
2024-11-7 01:35 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250306
|
9.8 |
CRITICAL
Network
|
carrcommunications
|
rsvpmaker
|
Unrestricted Upload of File with Dangerous Type vulnerability in David F. Carr RSVPMaker for Toastmasters allows Upload a Web Shell to a Web Server.This issue affects RSVPMaker for Toastmasters: from…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-50531
|
2024-11-7 01:34 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250307
|
9.8 |
CRITICAL
Network
|
esafenet
|
cdg
|
A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function delPolicyAction of the file /com/esafenet/servlet/system/PolicyActionService.java. The manipulation …
|
CWE-89
SQL Injection
|
CVE-2024-10597
|
2024-11-7 01:28 |
2024-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250308
|
5.3 |
MEDIUM
Network
|
choplugins
|
order_notification_for_telegram
|
The Order Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nktgnfw_send_test_message' function in versions u…
|
CWE-862
Missing Authorization
|
CVE-2024-9686
|
2024-11-7 01:19 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250309
|
3.6 |
LOW
Local
|
chidiwilliams
|
buzz
|
A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to ins…
|
CWE-377
Insecure Temporary File
|
CVE-2024-10372
|
2024-11-7 01:14 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250310
|
5.4 |
MEDIUM
Network
|
sohelwpexpert
|
awesome_buttons
|
The Awesome buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn2 shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization …
|
CWE-79
Cross-site Scripting
|
CVE-2024-10148
|
2024-11-7 01:02 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
