|
305411
|
9.8 |
CRITICAL
Network
|
contest-gallery
|
contest_gallery
|
The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection …
|
CWE-89
SQL Injection
|
CVE-2024-10687
|
2024-11-9 00:26 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305412
|
4.3 |
MEDIUM
Network
|
wpxpro
|
xpro_addons_for_elementor
|
The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the render function in widgets…
|
NVD-CWE-noinfo
|
CVE-2024-10319
|
2024-11-9 00:25 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305413
|
4.8 |
MEDIUM
Network
|
10web
|
photo_gallery
|
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.30 due to ins…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9878
|
2024-11-9 00:25 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305414
|
8.8 |
HIGH
Network
|
fileorganizer
|
fileorganizer
|
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the "fileorganizer_ajax_handler" function in…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-7985
|
2024-11-9 00:22 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305415
|
9.8 |
CRITICAL
Network
|
63moons
|
aero
wave_2.0
|
This vulnerability exists in the Wave 2.0 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conduc…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2024-51558
|
2024-11-9 00:19 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305416
|
6.5 |
MEDIUM
Network
|
63moons
|
aero
wave_2.0
|
This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP re…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-51557
|
2024-11-9 00:19 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305417
|
7.5 |
HIGH
Network
|
ruijie
|
nbr3000d-e_firmware
|
An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf component.
|
NVD-CWE-noinfo
|
CVE-2024-48783
|
2024-11-9 00:19 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305418
|
4.3 |
MEDIUM
Network
|
63moons
|
aero
wave_2.0
|
This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at certain API endpoint. An authenticated remote attacker could exploit this vulnerability by providing…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-51560
|
2024-11-9 00:18 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305419
|
4.6 |
MEDIUM
Physics
|
tp-link
|
tapo_h100_firmware
|
This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the …
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-10523
|
2024-11-9 00:14 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305420
|
8.8 |
HIGH
Network
|
microsoft
|
dataverse
|
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
|
NVD-CWE-noinfo
|
CVE-2024-38139
|
2024-11-9 00:14 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
