|
304491
|
9.8 |
CRITICAL
Network
|
codezips
|
free_exam_hall_seating_management_system
|
A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulatio…
|
CWE-89
SQL Injection
|
CVE-2024-10736
|
2024-11-6 03:03 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304492
|
9.8 |
CRITICAL
Network
|
codezips
|
pet_shop_management_system
|
A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /productsadd.php. The manipulation of the argument i…
|
CWE-89
SQL Injection
|
CVE-2024-10752
|
2024-11-6 02:59 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304493
|
5.4 |
MEDIUM
Network
|
tezzeract
|
league_of_legends_shortcodes
|
The League of Legends Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.1 due to insufficient input sanitization and ou…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10342
|
2024-11-6 02:52 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304494
|
6.5 |
MEDIUM
Network
|
tezzeract
|
league_of_legends_shortcodes
|
The League of Legends Shortcodes plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.1 due to insufficient escaping on the user suppli…
|
CWE-89
SQL Injection
|
CVE-2024-10341
|
2024-11-6 02:51 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304495
|
5.4 |
MEDIUM
Network
|
bamazoo
|
button_generator
|
The Bamazoo – Button Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dgs shortcode in all versions up to, and including, 1.0 due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10150
|
2024-11-6 02:47 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304496
|
6.1 |
MEDIUM
Network
|
10web
|
10web_social_post_feed
|
The 10Web Social Post Feed plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and incl…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9607
|
2024-11-6 02:40 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304497
|
9.8 |
CRITICAL
Network
|
appcheap
|
app_builder
|
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.3.7. This is d…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2024-9302
|
2024-11-6 02:39 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304498
|
8.8 |
HIGH
Network
|
mapster
|
mapster_wp_maps
|
The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to an insufficient capability check on the mapster_wp_maps_set_op…
|
CWE-285
Improper Authorization
|
CVE-2024-9235
|
2024-11-6 02:36 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304499
|
- |
|
-
|
-
|
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS comman…
|
-
|
CVE-2024-52019
|
2024-11-6 02:35 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304500
|
- |
|
-
|
-
|
Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at genie_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands…
|
-
|
CVE-2024-52018
|
2024-11-6 02:35 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
