|
312161
|
4.8 |
MEDIUM
Network
|
micro.company
|
collect.chat
|
The Chatbot for WordPress by Collect.chat ?? WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Sit…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6498
|
2024-09-7 02:35 |
2024-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312162
|
8.6 |
HIGH
Network
|
rocket.chat
|
rocket.chat
|
A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-39713
|
2024-09-7 02:35 |
2024-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312163
|
- |
|
-
|
-
|
The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive informati…
|
-
|
CVE-2024-6477
|
2024-09-7 02:35 |
2024-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312164
|
7.2 |
HIGH
Network
|
teamt5
|
threatsonar_anti-ransomware
|
ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, w…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-7694
|
2024-09-7 02:24 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312165
|
5.4 |
MEDIUM
Network
|
wpextended
|
wp_extended
|
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicate_post function due…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-8123
|
2024-09-7 02:20 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312166
|
6.1 |
MEDIUM
Network
|
cisco
|
unified_communications_manager
|
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could a…
|
CWE-79
Cross-site Scripting
|
CVE-2024-20488
|
2024-09-7 02:18 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312167
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-45294. Reason: This candidate is a duplicate of CVE-2024-45294. Notes: All CVE users should reference CVE-2024-452…
|
-
|
CVE-2024-45295
|
2024-09-7 02:15 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312168
|
- |
|
-
|
-
|
The HL7 FHIR Core Artifacts repository provides the java core object handling code, with utilities (including validator), for the Fast Healthcare Interoperability Resources (FHIR) specification. Prio…
|
-
|
CVE-2024-45294
|
2024-09-7 02:15 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312169
|
9.8 |
CRITICAL
Network
|
mozilla
|
thunderbird
firefox_esr
firefox
|
Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-8387
|
2024-09-7 02:15 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312170
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
firefox_esr
|
A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2…
|
CWE-843
Type Confusion
|
CVE-2024-8385
|
2024-09-7 02:15 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
