|
310581
|
6.1 |
MEDIUM
Network
|
fetchdesigns
|
sign-up_sheets
|
The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as the $_SERVER['REQUEST_URI'] parameter before outputting them back in attributes, which could lead to …
|
CWE-79
Cross-site Scripting
|
CVE-2024-6020
|
2024-10-8 00:42 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310582
|
4.8 |
MEDIUM
Network
|
ays-pro
|
secure_copy_content_protection_and_content_locking
|
The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6888
|
2024-10-8 00:41 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310583
|
4.8 |
MEDIUM
Network
|
mansurahamed
|
chatbot_support_ai
|
The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admi…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6722
|
2024-10-8 00:41 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310584
|
8.8 |
HIGH
Network
|
skyselang
|
yyladmin
|
A vulnerability classified as critical was found in skyselang yylAdmin up to 3.0. Affected by this vulnerability is the function list of the file /app/admin/controller/file/File.php of the component …
|
CWE-89
SQL Injection
|
CVE-2024-9293
|
2024-10-8 00:37 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310585
|
7.5 |
HIGH
Network
|
hcltech
|
hcl_nomad
|
HCL Nomad is susceptible to an insufficient session expiration vulnerability. Under certain circumstances, an unauthenticated attacker could obtain old session information.
|
CWE-613
Insufficient Session Expiration
|
CVE-2024-23586
|
2024-10-8 00:30 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310586
|
9.8 |
CRITICAL
Network
|
wow-company
|
viral_signup
|
The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a…
|
CWE-89
SQL Injection
|
CVE-2024-6926
|
2024-10-8 00:29 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310587
|
4.8 |
MEDIUM
Network
|
ays-pro
|
secure_copy_content_protection_and_content_locking
|
The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6889
|
2024-10-8 00:29 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310588
|
8.8 |
HIGH
Network
|
advantech
|
adam-5630_firmware
|
Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a
session is closed. Forging requests with a legitimate cookie, even if
the session was terminated, allows an …
|
NVD-CWE-Other
|
CVE-2024-39275
|
2024-10-8 00:25 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310589
|
6.1 |
MEDIUM
Network
|
advantech
|
adam_5550-firmware
|
Advantech ADAM 5550's web application includes a "logs" page where all
the HTTP requests received are displayed to the user. The device doesn't
correctly neutralize malicious code when parsing HTTP…
|
CWE-79
Cross-site Scripting
|
CVE-2024-38308
|
2024-10-8 00:24 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310590
|
5.7 |
MEDIUM
Adjacent
|
advantech
|
adam-5630_firmware
|
Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2024-34542
|
2024-10-8 00:20 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
