|
315071
|
9.8 |
CRITICAL
Network
|
givewp
|
givewp
|
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input fr…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-5932
|
2024-08-27 03:34 |
2024-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315072
|
6.5 |
MEDIUM
Network
|
ibm
|
global_configuration_management
|
IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls.
|
NVD-CWE-Other
|
CVE-2024-41773
|
2024-08-27 03:33 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315073
|
6.5 |
MEDIUM
Network
|
ghost
|
ghost
|
Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. Th…
|
CWE-287
Improper Authentication
|
CVE-2024-43409
|
2024-08-27 03:31 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315074
|
8.8 |
HIGH
Network
|
lfedge
|
ekuiper
|
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of …
|
CWE-89
SQL Injection
|
CVE-2024-43406
|
2024-08-27 03:30 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315075
|
9.8 |
CRITICAL
Network
|
megacord
|
megabot
|
MEGABOT is a fully customized Discord bot for learning and fun. The `/math` command and functionality of MEGABOT versions < 1.5.0 contains a remote code execution vulnerability due to a Python `eval(…
|
CWE-94
Code Injection
|
CVE-2024-43404
|
2024-08-27 03:29 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315076
|
4.3 |
MEDIUM
Network
|
apolloconfig
|
apollo
|
Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit…
|
NVD-CWE-Other
|
CVE-2024-43397
|
2024-08-27 03:28 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315077
|
4.3 |
MEDIUM
Network
|
umbraco
|
umbraco_cms
|
Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2.
|
NVD-CWE-Other
|
CVE-2024-43377
|
2024-08-27 03:26 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315078
|
5.3 |
MEDIUM
Network
|
umbraco
|
umbraco_cms
|
Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-43376
|
2024-08-27 03:24 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315079
|
7.5 |
HIGH
Network
|
apolloconfig
|
apollo
|
An issue in apollocongif apollo v.2.2.0 allows a remote attacker to obtain sensitive information via a crafted request.
|
NVD-CWE-noinfo
|
CVE-2024-42662
|
2024-08-27 03:22 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315080
|
6.5 |
MEDIUM
Network
|
bitapps
|
contact_form_builder
|
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file deletion due to insuff…
|
CWE-22
Path Traversal
|
CVE-2024-7782
|
2024-08-27 03:21 |
2024-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
