|
313831
|
8.1 |
HIGH
Network
|
heateor
|
social_login
|
The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being…
|
NVD-CWE-noinfo
|
CVE-2024-10020
|
2024-11-9 06:19 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313832
|
5.3 |
MEDIUM
Network
|
theinnovs
|
eleforms
|
The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in all v…
|
CWE-862
Missing Authorization
|
CVE-2024-6626
|
2024-11-9 06:18 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313833
|
9.8 |
CRITICAL
Network
|
fortinet
|
fortimanager_cloud
fortimanager
|
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-47575
|
2024-11-9 06:16 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313834
|
9.8 |
CRITICAL
Network
|
websiteinwp
|
blogpoet
|
Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3.
|
CWE-862
Missing Authorization
|
CVE-2024-43998
|
2024-11-9 06:11 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313835
|
8.8 |
HIGH
Network
|
geekcodelab
|
login_as_users
|
Missing Authorization vulnerability in Geek Code Lab Login As Users allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login As Users: from n/a through 1.4.3.
|
CWE-862
Missing Authorization
|
CVE-2024-43982
|
2024-11-9 06:11 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313836
|
8.8 |
HIGH
Network
|
ayecode
|
geodirectory
|
Missing Authorization vulnerability in AyeCode – WP Business Directory Plugins GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GeoDirectory: fr…
|
CWE-862
Missing Authorization
|
CVE-2024-43981
|
2024-11-9 06:10 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313837
|
8.8 |
HIGH
Network
|
combodo
|
itop
|
Combodo iTop is a simple, web based IT Service Management tool. This vulnerability can be used to create HTTP requests on behalf of the server, from a low privileged user. The user portal form manage…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-51740
|
2024-11-9 06:09 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313838
|
9.8 |
CRITICAL
Network
|
didi
|
super-jacoco
|
A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cov/triggerUnitCover. The manipulation of t…
|
CWE-78
OS Command
|
CVE-2024-10919
|
2024-11-9 06:07 |
2024-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313839
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
xfrm: fix one more kernel-infoleak in algo dumping
During fuzz testing, the following issue was discovered:
BUG: KMSAN: kernel-i…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2024-50110
|
2024-11-9 06:05 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313840
|
6.1 |
MEDIUM
Network
|
themehigh
|
checkout_field_editor
|
The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘render_review_request_notice’ function in all versions up to…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8499
|
2024-11-9 06:01 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
