|
307441
|
9.8 |
CRITICAL
Network
|
gvectors
|
wpdiscuz
|
The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned b…
|
NVD-CWE-Other
|
CVE-2024-9488
|
2024-11-6 23:57 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307442
|
6.1 |
MEDIUM
Network
|
markjaquith
|
subscribe_to_comments
|
The Subscribe to Comments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and inclu…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8792
|
2024-11-6 23:51 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307443
|
5.4 |
MEDIUM
Network
|
instantcms
|
instantcms
|
InstantCMS is a free and open source content management system. In photo upload function in the photo album page there is no input validation taking place. Due to this attackers are able to inject th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-50348
|
2024-11-6 23:49 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307444
|
9.8 |
CRITICAL
Network
|
codezips
|
online_institute_management_system
|
A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the ar…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-10765
|
2024-11-6 23:45 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307445
|
9.8 |
CRITICAL
Network
|
codezips
|
online_institute_management_system
|
A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. This affects an unknown part of the file /pages/save_user.php. The manipulation of the argume…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-10764
|
2024-11-6 23:44 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307446
|
7.1 |
HIGH
Local
|
apple
|
iphone_os
ipados
visionos
tvos
|
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted ba…
|
CWE-59
Link Following
|
CVE-2024-44258
|
2024-11-6 23:35 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307447
|
8.8 |
HIGH
Network
|
combodo
|
itop
|
Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgra…
|
CWE-352
Origin Validation Error
|
CVE-2024-31998
|
2024-11-6 23:31 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307448
|
6.1 |
MEDIUM
Network
|
combodo
|
itop
|
Combodo iTop is a simple, web based IT Service Management tool. By filling malicious code in a CSV content, an Cross-site Scripting (XSS) attack can be performed when importing this content. This iss…
|
CWE-79
Cross-site Scripting
|
CVE-2024-31448
|
2024-11-6 23:31 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307449
|
6.1 |
MEDIUM
Network
|
combodo
|
itop
|
Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.render.php XSS are possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9,…
|
CWE-79
Cross-site Scripting
|
CVE-2023-34445
|
2024-11-6 23:29 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307450
|
6.1 |
MEDIUM
Network
|
combodo
|
itop
|
Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.searchform.php XSS are possible for scripts outside of script tags. This issue has been fixed in versions 2.…
|
CWE-79
Cross-site Scripting
|
CVE-2023-34444
|
2024-11-6 23:28 |
2024-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
