|
309771
|
8.8 |
HIGH
Network
|
qnap
|
video_station
|
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed…
|
CWE-89
SQL Injection
|
CVE-2023-50360
|
2024-09-29 08:44 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309772
|
7.8 |
HIGH
Local
|
ui
|
unifi_network_application
|
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell acces…
|
CWE-77
Command Injection
|
CVE-2024-42025
|
2024-09-29 03:35 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309773
|
6.1 |
MEDIUM
Network
|
mm-breaking_news_project
|
mm-breaking_news
|
The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8056
|
2024-09-28 06:29 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309774
|
6.1 |
MEDIUM
Network
|
mm-breaking_news_project
|
mm-breaking_news
|
The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add S…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8054
|
2024-09-28 06:29 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309775
|
4.8 |
MEDIUM
Network
|
ninjateam
|
header_footer_custom_code
|
The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Sit…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6617
|
2024-09-28 06:28 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309776
|
4.8 |
MEDIUM
Network
|
ninjateam
|
header_footer_custom_code
|
The NinjaTeam Header Footer Custom Code WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Sit…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6493
|
2024-09-28 06:28 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309777
|
6.8 |
MEDIUM
Network
|
pixeljar
|
favicon_generator
|
The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary f…
|
CWE-352
Origin Validation Error
|
CVE-2024-7863
|
2024-09-28 06:27 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309778
|
4.8 |
MEDIUM
Network
|
premio
|
my_sticky_bar
|
The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.3 does not validate and escape some of its settings before outputtin…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7133
|
2024-09-28 06:27 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309779
|
6.5 |
MEDIUM
Network
|
pixeljar
|
favicon_generator
|
The Favicon Generator (CLOSED) WordPress plugin before 2.1 does not have CSRF and path validation in the output_sub_admin_page_0() function, allowing attackers to make logged in admins delete arbitra…
|
CWE-352
Origin Validation Error
|
CVE-2024-7864
|
2024-09-28 06:26 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
309780
|
6.5 |
MEDIUM
Network
|
gowildchild
|
visual_sound
|
The Visual Sound (old) WordPress plugin through 1.06 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
|
CWE-352
Origin Validation Error
|
CVE-2024-8047
|
2024-09-28 06:25 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
