|
310771
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may …
|
-
|
CVE-2024-9924
|
2024-10-15 21:57 |
2024-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310772
|
- |
|
-
|
-
|
netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include `ge…
|
CWE-89
SQL Injection
|
CVE-2024-7099
|
2024-10-15 21:57 |
2024-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310773
|
- |
|
-
|
-
|
CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that exposes test
credentials in the firmware binary
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-8070
|
2024-10-15 21:57 |
2024-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310774
|
- |
|
-
|
-
|
A vulnerability classified as problematic was found in QileCMS up to 1.1.3. This vulnerability affects the function sendEmail of the file /qilecms/user/controller/Forget.php of the component Verifica…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2024-9907
|
2024-10-15 21:57 |
2024-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310775
|
- |
|
-
|
-
|
A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The mani…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-9904
|
2024-10-15 21:57 |
2024-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310776
|
- |
|
-
|
-
|
A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-9903
|
2024-10-15 21:57 |
2024-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310777
|
- |
|
-
|
-
|
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.8 via the render_column function in modules/data-table/wid…
|
CWE-200
Information Exposure
|
CVE-2024-8902
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310778
|
7.2 |
HIGH
Network
|
-
|
-
|
The WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is …
|
CWE-89
SQL Injection
|
CVE-2024-8757
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310779
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rescue_tab' shortcode in all versions up to, and including, 2.8 due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9696
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310780
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to insuffic…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9595
|
2024-10-15 21:57 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
