|
312001
|
3.5 |
LOW
Network
|
analytify
|
analytify_-_google_analytics_dashboard
|
Cross-Site Request Forgery (CSRF) vulnerability in Analytify.This issue affects Analytify: from n/a through 5.3.1.
|
CWE-352
Origin Validation Error
|
CVE-2024-43265
|
2024-09-13 06:17 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312002
|
7.5 |
HIGH
Network
|
storelocatorplus
|
store_locator_plus
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Store Locator Plus.This issue affects Store Locator Plus: from n/a through 2311.17.01.
|
NVD-CWE-noinfo
|
CVE-2024-43258
|
2024-09-13 06:11 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312003
|
8.8 |
HIGH
Network
|
mage-people
|
event_manager_and_tickets_selling_for_woocommerce
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MagePeople Team Event Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Event …
|
CWE-22
Path Traversal
|
CVE-2024-43138
|
2024-09-13 06:11 |
2024-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312004
|
6.5 |
MEDIUM
Network
|
nouthemes
|
leopard
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Nouthemes Leopard - WordPress offload media.This issue affects Leopard - WordPress offload media: from n/a through 2.0.36.
|
NVD-CWE-noinfo
|
CVE-2024-43257
|
2024-09-13 06:09 |
2024-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312005
|
5.4 |
MEDIUM
Network
|
piotnet
|
piotnet_addons
|
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion, Dual Heading, and Vertical Timeline widgets in all versions up to,…
|
CWE-79
Cross-site Scripting
|
CVE-2024-5502
|
2024-09-13 06:05 |
2024-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312006
|
4.9 |
MEDIUM
Network
|
continew
|
continew_admin
|
A vulnerability was found in ContiNew Admin 3.2.0 and classified as critical. Affected by this issue is the function top.continew.starter.extension.crud.controller.BaseController#page of the file /ap…
|
CWE-89
SQL Injection
|
CVE-2024-8150
|
2024-09-13 06:01 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312007
|
6.5 |
MEDIUM
Network
|
9front
|
lib9p
|
A bug in the 9p authentication implementation within lib9p allows an attacker with an existing valid user within the configured auth server to impersonate any other valid filesystem user.
This is du…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-8158
|
2024-09-13 06:00 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312008
|
9.8 |
CRITICAL
Network
|
hillstonenet
|
web_application_firewall
|
Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firew…
|
CWE-77
Command Injection
|
CVE-2024-8073
|
2024-09-13 05:58 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312009
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix null ptr deref in dtInsertEntry
[syzbot reported]
general protection fault, probably for non-canonical address 0xdffffc0…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-44939
|
2024-09-13 05:58 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312010
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to cover read extent cache access with lock
syzbot reports a f2fs bug as below:
BUG: KASAN: slab-use-after-free in san…
|
CWE-416
Use After Free
|
CVE-2024-44941
|
2024-09-13 05:57 |
2024-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
