|
309621
|
8.6 |
HIGH
Network
|
microsoft
|
power_platform
|
Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector.
|
CWE-862
Missing Authorization
|
CVE-2024-38190
|
2024-11-9 00:34 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309622
|
7.8 |
HIGH
Local
|
nvidia
|
nemo
|
NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to c…
|
CWE-22
Path Traversal
|
CVE-2024-0129
|
2024-11-9 00:33 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309623
|
6.1 |
MEDIUM
Network
|
castos
|
seriously_simple_podcasting
|
The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9667
|
2024-11-9 00:27 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309624
|
4.3 |
MEDIUM
Network
|
katieseaborn
|
zotpress
|
The Zotpress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Zotpress_process_accounts_AJAX function in all versions up to, and includ…
|
CWE-862
Missing Authorization
|
CVE-2024-7429
|
2024-11-9 00:26 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309625
|
9.8 |
CRITICAL
Network
|
contest-gallery
|
contest_gallery
|
The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection …
|
CWE-89
SQL Injection
|
CVE-2024-10687
|
2024-11-9 00:26 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309626
|
4.3 |
MEDIUM
Network
|
wpxpro
|
xpro_addons_for_elementor
|
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the render function in widgets…
|
NVD-CWE-noinfo
|
CVE-2024-10319
|
2024-11-9 00:25 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309627
|
4.8 |
MEDIUM
Network
|
10web
|
photo_gallery
|
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to ins…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9878
|
2024-11-9 00:25 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309628
|
8.8 |
HIGH
Network
|
fileorganizer
|
fileorganizer
|
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizer_ajax_handler" function in…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-7985
|
2024-11-9 00:22 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309629
|
9.8 |
CRITICAL
Network
|
63moons
|
aero
wave_2.0
|
This vulnerability exists in the Wave 2.0 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conduc…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2024-51558
|
2024-11-9 00:19 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309630
|
6.5 |
MEDIUM
Network
|
63moons
|
aero
wave_2.0
|
This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP re…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-51557
|
2024-11-9 00:19 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
