|
256791
|
6.1 |
MEDIUM
Network
|
elecom
|
wrc-x3000gs2-b_firmware
wrc-x3000gs2-w_firmware
wrc-x3000gs2a-b_firmware
|
Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page whil…
|
CWE-79
Cross-site Scripting
|
CVE-2024-34577
|
2024-09-3 23:59 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256792
|
5.4 |
MEDIUM
Network
|
hubspot
|
hubspot
|
The HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute of the HubSpot Meeting Widget in all version…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5879
|
2024-09-3 23:59 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256793
|
3.7 |
LOW
Network
|
elecom
|
wab-i1750-ps_firmware
|
Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-39300
|
2024-09-3 23:57 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256794
|
7.2 |
HIGH
Network
|
theeventscalendar
|
events_calendar_pro
|
The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in w…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-8016
|
2024-09-3 23:51 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256795
|
6.3 |
MEDIUM
Network
|
tutorlms
|
tutor_lms_pro
|
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized administrative actions execution due to a missing capability checks on multiple functions like treport_quiz_atttempt_delete and t…
|
CWE-862
Missing Authorization
|
CVE-2024-5784
|
2024-09-3 23:48 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256796
|
4.3 |
MEDIUM
Network
|
themeific
|
tourfic
|
The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20. This is due to missing or incorrect nonce validation on the tf_order_status…
|
CWE-352
Origin Validation Error
|
CVE-2024-8319
|
2024-09-3 23:43 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256797
|
5.4 |
MEDIUM
Network
|
wpvibes
|
elementor_addon_elements
|
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.13.6 due to insufficient input sanitization…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7122
|
2024-09-3 23:41 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256798
|
- |
|
-
|
-
|
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make imp…
|
-
|
CVE-2024-3655
|
2024-09-3 23:35 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256799
|
6.3 |
MEDIUM
Network
|
maxfoundry
|
media_library_folders
|
The Media Library Folders plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several AJAX functions in the media-library-plus.php file in all versions up to…
|
CWE-862
Missing Authorization
|
CVE-2024-7858
|
2024-09-3 23:34 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256800
|
8.8 |
HIGH
Network
|
codection
|
clean_login
|
The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes …
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2024-8252
|
2024-09-3 23:31 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
