|
307081
|
9.8 |
CRITICAL
Network
|
dompdf_project
|
dompdf
|
An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versio…
|
CWE-611
XXE
|
CVE-2021-3902
|
2024-11-20 02:12 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307082
|
5.4 |
MEDIUM
Network
|
sylius
|
sylius
|
sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that…
|
CWE-79
Cross-site Scripting
|
CVE-2021-3841
|
2024-11-20 02:11 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307083
|
9.8 |
CRITICAL
Network
|
dompdf_project
|
dompdf
|
DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files o…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-3838
|
2024-11-20 02:11 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307084
|
8.8 |
HIGH
Network
|
chatwoot
|
chatwoot
|
A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-3742
|
2024-11-20 02:10 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307085
|
8.8 |
HIGH
Network
|
vanquish
|
user_extra_fields
|
The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 1…
|
CWE-862
Missing Authorization
|
CVE-2024-10800
|
2024-11-20 02:08 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307086
|
5.4 |
MEDIUM
Network
|
chatwoot
|
chatwoot
|
A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. The vulnerability occurs when a user uploads an SVG file containing a malic…
|
CWE-79
Cross-site Scripting
|
CVE-2021-3741
|
2024-11-20 02:07 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307087
|
5.7 |
MEDIUM
Network
|
wpdeveloper
|
essential_addons_for_elementor
|
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, …
|
NVD-CWE-noinfo
|
CVE-2024-8979
|
2024-11-20 02:05 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307088
|
5.7 |
MEDIUM
Network
|
wpdeveloper
|
essential_addons_for_elementor
|
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, …
|
NVD-CWE-noinfo
|
CVE-2024-8978
|
2024-11-20 02:04 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307089
|
8.8 |
HIGH
Network
|
cmorillas1
|
external_database_based_actions
|
The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the 'edba_admin_han…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-10311
|
2024-11-20 02:03 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307090
|
5.4 |
MEDIUM
Network
|
wpdeveloper
|
essential_addons_for_elementor
|
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nomore_items_text…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8961
|
2024-11-20 02:01 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
