|
303251
|
4.8 |
MEDIUM
Network
|
vektor-inc
|
vk_all_in_one_expansion_unit
|
Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-52268
|
2024-11-20 00:57 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303252
|
4.8 |
MEDIUM
Network
|
pimcore
|
pimcore
|
A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date…
|
CWE-79
Cross-site Scripting
|
CVE-2023-2332
|
2024-11-20 00:55 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303253
|
5.4 |
MEDIUM
Network
|
royal-elementor-addons
|
royal_elementor_addons
|
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.7.1001 due to insu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9668
|
2024-11-20 00:55 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303254
|
5.5 |
MEDIUM
Local
|
gpac
|
gpac
|
A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38. This vulnerability can lead to a double-…
|
CWE-416
Use After Free
|
CVE-2023-4679
|
2024-11-20 00:54 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303255
|
5.9 |
MEDIUM
Network
|
phpipam
|
phpipam
|
phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'get…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2024-0787
|
2024-11-20 00:53 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303256
|
5.4 |
MEDIUM
Network
|
royal-elementor-addons
|
royal_elementor_addons
|
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, and including, 1.7.1001 due to insufficien…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9059
|
2024-11-20 00:53 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303257
|
6.1 |
MEDIUM
Network
|
advancedformintegration
|
advanced_form_integration
|
The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the UR…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10877
|
2024-11-20 00:52 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303258
|
7.2 |
HIGH
Network
|
mayurik
|
best_employee_management_system
|
A vulnerability, which was classified as critical, was found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /admin/edit_role.php. The manipulation of …
|
CWE-89
SQL Injection
|
CVE-2024-11213
|
2024-11-20 00:48 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303259
|
8.8 |
HIGH
Network
|
mayurik
|
best_employee_management_system
|
A vulnerability, which was classified as critical, has been found in SourceCodester Best Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/fetch_…
|
CWE-89
SQL Injection
|
CVE-2024-11212
|
2024-11-20 00:48 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303260
|
5.4 |
MEDIUM
Network
|
royal-elementor-addons
|
royal_elementor_addons
|
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions up to, and including, 1.7.1001 due to i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9682
|
2024-11-20 00:47 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
