|
310161
|
9.8 |
CRITICAL
Network
|
wpdeveloper
|
reviewx
|
Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.28.
|
CWE-862
Missing Authorization
|
CVE-2024-43323
|
2024-11-20 03:15 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310162
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps MailChimp Subscribe Forms allows Stored XSS.This issue affects MailChimp Subscribe For…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43211
|
2024-11-20 03:15 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310163
|
- |
|
-
|
-
|
Missing Authorization vulnerability in PropertyHive PropertyHive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through 2.0.9.
|
CWE-862
Missing Authorization
|
CVE-2024-37204
|
2024-11-20 03:15 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310164
|
- |
|
-
|
-
|
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MasterStudy LMS: from n/a through 3.2.…
|
CWE-862
Missing Authorization
|
CVE-2024-37094
|
2024-11-20 03:15 |
2024-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310165
|
7.2 |
HIGH
Network
|
craftcms
|
craft_cms
|
Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This e…
|
CWE-22
Path Traversal
|
CVE-2024-52291
|
2024-11-20 03:06 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310166
|
4.8 |
MEDIUM
Network
|
webkul
|
unopim
|
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account wi…
|
CWE-616
CWE-692
Incomplete Identification of Uploaded File Variables (PHP)
Incomplete Denylist to Cross-Site Scripting
|
CVE-2024-52305
|
2024-11-20 03:04 |
2024-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310167
|
7.5 |
HIGH
Network
|
cesanta
|
mongoose
|
Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters.
|
NVD-CWE-Other
|
CVE-2024-42392
|
2024-11-20 02:55 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310168
|
9.8 |
CRITICAL
Network
|
cesanta
|
mongoose
|
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field.
|
NVD-CWE-Other
|
CVE-2024-42383
|
2024-11-20 02:55 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310169
|
7.0 |
HIGH
Local
|
cesanta
|
mongoose
|
Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters.
|
NVD-CWE-Other
|
CVE-2024-42385
|
2024-11-20 02:54 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
310170
|
7.5 |
HIGH
Network
|
cesanta
|
mongoose
|
Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2024-42384
|
2024-11-20 02:54 |
2024-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
