|
304191
|
6.1 |
MEDIUM
Network
|
kognetiks
|
kognetiks_chatbot
|
The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dir' parameter in all versions up to, and including, 2.1.7 due to insufficient input …
|
CWE-79
Cross-site Scripting
|
CVE-2024-10684
|
2024-11-19 00:03 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304192
|
4.3 |
MEDIUM
Network
|
kognetiks
|
kognetiks_chatbot
|
The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_assistant() function in all versions up to,…
|
CWE-862
Missing Authorization
|
CVE-2024-10531
|
2024-11-19 00:02 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304193
|
4.3 |
MEDIUM
Network
|
kognetiks
|
kognetiks_chatbot
|
The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the add_new_assistant() function in all versions up to…
|
CWE-862
Missing Authorization
|
CVE-2024-10530
|
2024-11-18 23:59 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304194
|
5.3 |
MEDIUM
Network
|
kognetiks
|
kognetiks_chatbot
|
The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_assistant() function in all versions up to,…
|
CWE-862
Missing Authorization
|
CVE-2024-10529
|
2024-11-18 23:59 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304195
|
- |
|
-
|
-
|
The theme.php file in SDCMS 2.8 has a command execution vulnerability that allows for the execution of system commands
|
-
|
CVE-2024-50809
|
2024-11-18 23:35 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304196
|
- |
|
-
|
-
|
An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized a…
|
-
|
CVE-2024-44765
|
2024-11-18 23:35 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304197
|
- |
|
-
|
-
|
All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the uns…
|
-
|
CVE-2024-21534
|
2024-11-18 20:15 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304198
|
- |
|
-
|
-
|
AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes a public IP address within network traffic. The attacker must know the victim's AnyDesk ID.
|
-
|
CVE-2024-52940
|
2024-11-18 14:15 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304199
|
- |
|
-
|
-
|
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain access to the graphics buffers of a parent process.
|
-
|
CVE-2024-43704
|
2024-11-18 14:15 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
304200
|
- |
|
-
|
-
|
Delinea Privilege Manager before 12.0.2 mishandles the security of the Windows agent.
|
-
|
CVE-2024-52926
|
2024-11-18 13:15 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
