|
311921
|
- |
|
-
|
-
|
A vulnerability in Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code authentication mechanism. The application requires users to input a 6-digit PIN code sent to their emai…
|
-
|
CVE-2024-41276
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311922
|
- |
|
-
|
-
|
Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests.
If a request has no Authorization header, it is created with an empty string as value by a rewri…
|
-
|
CVE-2023-7273
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311923
|
- |
|
-
|
-
|
An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information …
|
CWE-23
Relative Path Traversal
|
CVE-2024-9405
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311924
|
- |
|
-
|
-
|
The QS Dark Mode Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.9 due to insufficient input sanitization and out…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9118
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311925
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The AVIF & SVG Uploader plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.1.0 due to insufficient input sanitization and output escaping. This makes …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9060
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311926
|
- |
|
-
|
-
|
An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protec…
|
-
|
CVE-2023-3441
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311927
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spice_starter_sites_importer_creater function in all versions …
|
CWE-862
Missing Authorization
|
CVE-2024-8430
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311928
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The XO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘get_slider’ function in all versions up to, and including, 3.8.6 due to insufficient input sanitization and ou…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8324
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311929
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Elastik Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 0.27.4 due to insufficient input sanitization and…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9274
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311930
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The R Animated Icon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9272
|
2024-10-4 22:51 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
