|
312471
|
6.1 |
MEDIUM
Network
|
webpack.js
|
webpack
|
Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. Th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43788
|
2024-09-4 00:15 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312472
|
5.9 |
MEDIUM
Network
|
matter-labs
|
zksolc
|
zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits n…
|
CWE-682
Incorrect Calculation
|
CVE-2024-45056
|
2024-09-4 00:14 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312473
|
6.1 |
MEDIUM
Network
|
collabora
|
online
|
Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url e…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45045
|
2024-09-4 00:13 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312474
|
- |
|
-
|
-
|
BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in unencrypted BLE packets. (The packet data also lacks authentication and integrity protection.)
|
-
|
CVE-2024-34463
|
2024-09-4 00:12 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312475
|
8.8 |
HIGH
Network
|
muffingroup
|
betheme
|
The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-2694
|
2024-09-4 00:10 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312476
|
5.4 |
MEDIUM
Network
|
muffingroup
|
betheme
|
The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization…
|
CWE-79
Cross-site Scripting
|
CVE-2024-3998
|
2024-09-4 00:00 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312477
|
6.1 |
MEDIUM
Network
|
elecom
|
wrc-x3000gs2-b_firmware
wrc-x3000gs2-w_firmware
wrc-x3000gs2a-b_firmware
|
Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page whil…
|
CWE-79
Cross-site Scripting
|
CVE-2024-34577
|
2024-09-3 23:59 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312478
|
5.4 |
MEDIUM
Network
|
hubspot
|
hubspot
|
The HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute of the HubSpot Meeting Widget in all version…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5879
|
2024-09-3 23:59 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312479
|
3.7 |
LOW
Network
|
elecom
|
wab-i1750-ps_firmware
|
Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-39300
|
2024-09-3 23:57 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312480
|
7.2 |
HIGH
Network
|
theeventscalendar
|
events_calendar_pro
|
The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in w…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-8016
|
2024-09-3 23:51 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
