|
307061
|
5.6 |
MEDIUM
Network
|
-
|
-
|
The UltimateAI plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.8.3. This is due to the improper empty value check and a missing default activated v…
|
CWE-703
Improper Check or Handling of Exceptional Conditions
|
CVE-2024-9104
|
2024-10-16 11:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307062
|
6.1 |
MEDIUM
Network
|
-
|
-
|
The Smart Online Order for Clover plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in al…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8787
|
2024-10-16 11:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307063
|
7.3 |
HIGH
Local
|
microsoft
|
windows_server_2016
windows_server_2019
windows_server_2022
windows_11_22h2
windows_11_21h2
windows_10_22h2
windows_10_21h2
windows_10_1809
windows_10_1607
windows_11_23h2<…
|
Summary
Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated v…
|
NVD-CWE-Other
|
CVE-2024-38202
|
2024-10-16 11:15 |
2024-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307064
|
- |
|
apple
|
safari
|
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
|
CWE-399
Resource Management Errors
|
CVE-2010-0048
|
2024-10-16 06:35 |
2010-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307065
|
- |
|
apple
|
safari
|
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML obj…
|
CWE-399
Resource Management Errors
|
CVE-2010-0047
|
2024-10-16 06:35 |
2010-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307066
|
7.8 |
HIGH
Local
|
adobe
|
incopy
|
InCopy versions 18.5.2, 19.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2024-41858
|
2024-10-16 05:51 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307067
|
6.1 |
MEDIUM
Network
|
lemonldap-ng
|
lemonldap\
|
A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set…
|
CWE-79
Cross-site Scripting
|
CVE-2024-48933
|
2024-10-16 03:56 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307068
|
9.8 |
CRITICAL
Network
|
internet-formation
|
wp-advanced-search
|
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
|
CWE-89
SQL Injection
|
CVE-2024-9796
|
2024-10-16 03:46 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307069
|
5.5 |
MEDIUM
Local
|
paloaltonetworks
|
cortex_xdr_agent
|
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be le…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2024-9469
|
2024-10-16 03:38 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307070
|
4.4 |
MEDIUM
Local
|
paloaltonetworks
|
cortex_xdr_agent
|
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leverag…
|
NVD-CWE-Other
|
CVE-2024-8690
|
2024-10-16 03:38 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
