|
303791
|
5.4 |
MEDIUM
Network
|
royal-elementor-addons
|
royal_elementor_addons
|
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.7.1001 due to insu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9668
|
2024-11-20 00:55 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303792
|
5.5 |
MEDIUM
Local
|
gpac
|
gpac
|
A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38. This vulnerability can lead to a double-…
|
CWE-416
Use After Free
|
CVE-2023-4679
|
2024-11-20 00:54 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303793
|
5.9 |
MEDIUM
Network
|
phpipam
|
phpipam
|
phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. The issue lies in the 'get…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2024-0787
|
2024-11-20 00:53 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303794
|
5.4 |
MEDIUM
Network
|
royal-elementor-addons
|
royal_elementor_addons
|
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, and including, 1.7.1001 due to insufficien…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9059
|
2024-11-20 00:53 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303795
|
6.1 |
MEDIUM
Network
|
advancedformintegration
|
advanced_form_integration
|
The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the UR…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10877
|
2024-11-20 00:52 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303796
|
7.2 |
HIGH
Network
|
mayurik
|
best_employee_management_system
|
A vulnerability, which was classified as critical, was found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /admin/edit_role.php. The manipulation of …
|
CWE-89
SQL Injection
|
CVE-2024-11213
|
2024-11-20 00:48 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303797
|
8.8 |
HIGH
Network
|
mayurik
|
best_employee_management_system
|
A vulnerability, which was classified as critical, has been found in SourceCodester Best Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/fetch_…
|
CWE-89
SQL Injection
|
CVE-2024-11212
|
2024-11-20 00:48 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303798
|
5.4 |
MEDIUM
Network
|
royal-elementor-addons
|
royal_elementor_addons
|
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions up to, and including, 1.7.1001 due to i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9682
|
2024-11-20 00:47 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303799
|
4.8 |
MEDIUM
Network
|
phpgurukul
|
user_registration_\&_login_and_user_management_system
|
A Reflected Cross-Site Scripting (XSS) vulnerability was found in the /search-result.php page of the PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows rem…
|
CWE-79
Cross-site Scripting
|
CVE-2024-48284
|
2024-11-20 00:45 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303800
|
4.3 |
MEDIUM
Network
|
janeczku
|
calibre-web
|
An improper access control vulnerability exists in janeczku/calibre-web. The affected version allows users without public shelf permissions to create public shelves. The vulnerability is due to the `…
|
CWE-862
Missing Authorization
|
CVE-2021-3987
|
2024-11-20 00:44 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
