| 306971 | - | | - | - | Incorrect access control in XIAO HE Smart 4.3.1 allows attackers to access sensitive information by analyzing the code and data within the APK file. | - | CVE-2024-48540 | 2024-10-26 01:35 | 2024-10-25 |
| 306972 | 6.5 | MEDIUM Network | metagauss | download_plugin | The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functi… | CWE-862 Missing Authorization | CVE-2024-9829 | 2024-10-26 01:30 | 2024-10-23 |
| 306973 | 4.8 | MEDIUM Network | mitel | micollab | A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Sc… | CWE-79 Cross-site Scripting | CVE-2024-30160 | 2024-10-26 01:30 | 2024-10-22 |
| 306974 | 4.8 | MEDIUM Network | mitel | micollab | A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XS… | CWE-79 Cross-site Scripting | CVE-2024-30159 | 2024-10-26 01:30 | 2024-10-22 |
| 306975 | 7.2 | HIGH Network | mitel | micollab | A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to ins… | CWE-89 SQL Injection | CVE-2024-30158 | 2024-10-26 01:30 | 2024-10-22 |
| 306976 | 7.2 | HIGH Network | wpovernight | woocommerce_order_proposal | The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of a… | CWE-287 Improper Authentication | CVE-2024-9927 | 2024-10-26 01:29 | 2024-10-23 |
| 306977 | 5.4 | MEDIUM Network | rebelcode | rss_aggregator | The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax… | CWE-862 Missing Authorization | CVE-2024-9583 | 2024-10-26 01:28 | 2024-10-23 |
| 306978 | 3.1 | LOW Network | umbraco | umbraco_cms | Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.1… | CWE-613 Insufficient Session Expiration | CVE-2024-48926 | 2024-10-26 01:19 | 2024-10-23 |
| 306979 | 4.6 | MEDIUM Network | umbraco | umbraco_cms | Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There… | CWE-79 Cross-site Scripting | CVE-2024-48927 | 2024-10-26 01:15 | 2024-10-23 |
| 306980 | - | | - | - | Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.add… | - | CVE-2024-30875 | 2024-10-26 01:15 | 2024-10-18 |