|
307691
|
- |
|
-
|
-
|
Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with "access console." Consequently, a low privilege authenticated user with "access console…
|
-
|
CVE-2023-6729
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307692
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dd-parallax shortcode in all versions up to, and including, 1.8 due to insufficient input sanitiz…
|
-
|
CVE-2024-9898
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307693
|
5.1 |
MEDIUM
Local
|
-
|
-
|
SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-45713
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307694
|
- |
|
-
|
-
|
A vulnerability was found in OpenSight Software FlashFXP 5.4.0.3970. It has been classified as critical. Affected is an unknown function in the library libcrypto-1_1.dll of the file FlashFXP.exe. The…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-10068
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307695
|
7.2 |
HIGH
Network
|
-
|
-
|
The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. Th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9184
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307696
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Fonto – Custom Web Fonts Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanit…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8920
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307697
|
- |
|
-
|
-
|
Stored cross-site scripting (XSS) vulnerability on enrollment invitation page. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.
|
CWE-79
Cross-site Scripting
|
CVE-2024-49392
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307698
|
- |
|
-
|
-
|
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-49391
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307699
|
- |
|
-
|
-
|
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-49390
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307700
|
- |
|
-
|
-
|
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.
|
CWE-276
Incorrect Default Permissions
|
CVE-2024-49389
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
