|
309641
|
5.9 |
MEDIUM
Network
|
fortinet
|
forticlient
|
An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiCl…
|
CWE-295
Improper Certificate Validation
|
CVE-2022-45856
|
2024-09-26 23:48 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309642
|
9.8 |
CRITICAL
Network
|
villatheme
|
woocommerce_photo_reviews
|
The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to the plugin not properly validating wha…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-8277
|
2024-09-26 23:39 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309643
|
5.4 |
MEDIUM
Network
|
elementor
|
website_builder
|
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter of multiple widgets in all versions up to, and in…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5416
|
2024-09-26 23:37 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309644
|
- |
|
-
|
-
|
Gigastone TR1 Travel Router R101 v1.0.2 is vulnerable to Command Injection. This allows an authenticated attacker to execute arbitrary commands on the device by sending a crafted HTTP request to the …
|
-
|
CVE-2024-44678
|
2024-09-26 23:35 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309645
|
- |
|
-
|
-
|
An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate privileges and steal sessions via the Random_String() function in the src/core/aws-utils.adb module.
|
-
|
CVE-2024-41708
|
2024-09-26 23:35 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309646
|
- |
|
-
|
-
|
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timin…
|
-
|
CVE-2024-22893
|
2024-09-26 23:35 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309647
|
8.8 |
HIGH
Network
|
themekraft
|
buddyforms
|
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to…
|
NVD-CWE-noinfo
|
CVE-2024-8246
|
2024-09-26 23:00 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309648
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of t…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-44168
|
2024-09-26 22:56 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309649
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to…
|
CWE-125
Out-of-bounds Read
|
CVE-2024-44161
|
2024-09-26 22:56 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309650
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to access private information.
|
NVD-CWE-noinfo
|
CVE-2024-44163
|
2024-09-26 22:55 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
