|
307641
|
7.8 |
HIGH
Local
|
autodesk
|
navisworks
|
A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write se…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-7671
|
2024-10-8 03:34 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307642
|
9.8 |
CRITICAL
Network
|
redefiningtheweb
|
affiliate_pro
|
The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwap_login_request_callbac…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-9289
|
2024-10-8 03:25 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307643
|
7.4 |
HIGH
Adjacent
|
cisco
|
ios_xr
|
A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause …
|
NVD-CWE-noinfo
|
CVE-2024-20406
|
2024-10-8 02:56 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307644
|
5.3 |
MEDIUM
Network
|
cisco
|
ios_xr
|
A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751.
This vu…
|
NVD-CWE-Other
|
CVE-2024-20390
|
2024-10-8 02:51 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307645
|
7.2 |
HIGH
Network
|
-
|
-
|
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted inp…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-9314
|
2024-10-8 02:48 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307646
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' f…
|
CWE-862
Missing Authorization
|
CVE-2024-9161
|
2024-10-8 02:48 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307647
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in the Modern Heading and Icon Picker widgets all versions …
|
-
|
CVE-2024-8486
|
2024-10-8 02:48 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307648
|
6.8 |
MEDIUM
Network
|
-
|
-
|
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-8743
|
2024-10-8 02:48 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307649
|
4.9 |
MEDIUM
Network
|
-
|
-
|
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form label fields in all versions up to…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9528
|
2024-10-8 02:48 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307650
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP Cleanup and Basic Functions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitiz…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9455
|
2024-10-8 02:48 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
