| 306961 | - | | - | - | Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them t… | - | CVE-2023-48082 | 2024-10-26 02:15 | 2024-10-15 |
| 306962 | 8.1 | HIGH / Network | google | chrome | Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High) | NVD-CWE-noinfo | CVE-2024-10229 | 2024-10-26 02:04 | 2024-10-23 |
| 306963 | 9.8 | CRITICAL / Network | keith-cullen | freecoap | Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a s… | CWE-476 (NULL Pointer Dereference) | CVE-2024-40493 | 2024-10-26 02:01 | 2024-10-23 |
| 306964 | 8.8 | HIGH / Network | google | chrome | Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CWE-843 (Type Confusion) | CVE-2024-10231 | 2024-10-26 02:01 | 2024-10-23 |
| 306965 | 9.8 | CRITICAL / Network | janobe | online_complaint_site | SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component. | CWE-89 (SQL Injection) | CVE-2024-44812 | 2024-10-26 01:56 | 2024-10-23 |
| 306966 | 5.0 | MEDIUM / Local | loan_management_system_project | loan_management_system | itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in … | CWE-79 (Cross-site Scripting) | CVE-2024-48415 | 2024-10-26 01:55 | 2024-10-23 |
| 306967 | 9.8 | CRITICAL / Network | properfraction | profilepress | The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insufficient verification on the user being returned by t… | CWE-287 (Improper Authentication) | CVE-2024-9947 | 2024-10-26 01:53 | 2024-10-23 |
| 306968 | 4.8 | MEDIUM / Network | tuzitio | camaleon_cms | Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field. | CWE-79 (Cross-site Scripting) | CVE-2024-48652 | 2024-10-26 01:51 | 2024-10-23 |
| 306969 | 5.4 | MEDIUM / Network | getshortcodes | shortcodes_ultimate | The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 7.2.2 due to insuffic… | CWE-79 (Cross-site Scripting) | CVE-2024-8500 | 2024-10-26 01:43 | 2024-10-23 |
| 306970 | 6.1 | MEDIUM / Network | steelthemes | nioland | The Nioland theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output esc… | CWE-79 (Cross-site Scripting) | CVE-2024-10250 | 2024-10-26 01:37 | 2024-10-23 |