|
308021
|
- |
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Configuration utility that allows an attacker with the Administrator role to run JavaScript in the contex…
|
-
|
CVE-2024-47139
|
2024-10-17 01:38 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308022
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being retur…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-9893
|
2024-10-17 01:38 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308023
|
- |
|
-
|
-
|
Relative Path Traversal vulnerability in James Park Analyse Uploads allows Relative Path Traversal.This issue affects Analyse Uploads: from n/a through 0.5.
|
CWE-23
Relative Path Traversal
|
CVE-2024-49253
|
2024-10-17 01:38 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308024
|
- |
|
-
|
-
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ahime Ahime Image Printer.This issue affects Ahime Image Printer: from n/a through 1.0.0.
|
CWE-22
Path Traversal
|
CVE-2024-49245
|
2024-10-17 01:38 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308025
|
- |
|
-
|
-
|
Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery allows Upload a Web Shell to a Web Server.This issue affects Digital Lottery: from n/a through 3.0.5.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-49242
|
2024-10-17 01:38 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308026
|
- |
|
-
|
-
|
Deserialization of Untrusted Data vulnerability in Innovaweb Sp. Z o.O. Free Stock Photos Foter allows Object Injection.This issue affects Free Stock Photos Foter: from n/a through 1.5.4.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-49227
|
2024-10-17 01:38 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308027
|
- |
|
-
|
-
|
Deserialization of Untrusted Data vulnerability in TAKETIN TAKETIN To WP Membership allows Object Injection.This issue affects TAKETIN To WP Membership: from n/a through 2.8.0.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-49226
|
2024-10-17 01:38 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308028
|
- |
|
-
|
-
|
Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently allows Object Injection.This issue affects Recently: from n/a through 1.1.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-49218
|
2024-10-17 01:38 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308029
|
- |
|
-
|
-
|
Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Clayton Feed Comments Number allows Upload a Web Shell to a Web Server.This issue affects Feed Comments Number: from n/a throug…
|
-
|
CVE-2024-49216
|
2024-10-17 01:38 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308030
|
- |
|
-
|
-
|
Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim
|
-
|
CVE-2024-22034
|
2024-10-17 01:38 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
