Latest CVE Feed
-
9.9
CRITICALCVE-2024-50511
Unrestricted Upload of File with Dangerous Type vulnerability in David DONISA WP donimedia carousel allows Upload a Web Shell to a Web Server.This issue affects WP donimedia carousel: from n/a through 1.0.1.... Read more
Affected Products :- Published: Oct. 30, 2024
- Modified: Nov. 01, 2024
-
8.7
HIGHCVE-2024-0106
NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service... Read more
Affected Products : bluefield_1_firmware- Published: Nov. 01, 2024
- Modified: Nov. 01, 2024
-
8.6
HIGHCVE-2024-50509
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design allows Path Traversal.This issue affects Woocommerce Product Design: from n/a through 1.0.0.... Read more
Affected Products :- Published: Oct. 30, 2024
- Modified: Nov. 01, 2024
-
6.4
MEDIUMCVE-2024-10223
The WP Team – WordPress Team Member Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's htteamember shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on u... Read more
Affected Products :- Published: Oct. 30, 2024
- Modified: Nov. 01, 2024
-
5.3
MEDIUMCVE-2024-10544
The Woo Manage Fraud Orders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.1.7 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensi... Read more
Affected Products :- Published: Oct. 31, 2024
- Modified: Nov. 01, 2024
-
6.1
MEDIUMCVE-2024-10652
IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavsScript code and perform Reflected Cross-site scripting attacks.... Read more
Affected Products :- Published: Nov. 01, 2024
- Modified: Nov. 01, 2024
-
5.4
MEDIUMCVE-2024-48569
Proactive Risk Manager version 9.1.1.0 is affected by multiple Cross-Site Scripting (XSS) vulnerabilities in the add/edit form fields, at the urls starting with the subpaths: /ar/config/configuation/ and /ar/config/risk-strategy-control/... Read more
Affected Products :- Published: Oct. 30, 2024
- Modified: Nov. 01, 2024
-
5.2
MEDIUMCVE-2024-31973
Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via the 'Network Name (SSID)' input fields to the /index.html#wireless_basic page.... Read more
Affected Products :- Published: Oct. 30, 2024
- Modified: Nov. 01, 2024
-
8.8
HIGHCVE-2024-50504
Incorrect Privilege Assignment vulnerability in Matt Whiteman Bulk Change Role allows Privilege Escalation.This issue affects Bulk Change Role: from n/a through 1.1.... Read more
Affected Products :- Published: Oct. 30, 2024
- Modified: Nov. 01, 2024
-
9.6
CRITICALCVE-2024-49674
Cross-Site Request Forgery (CSRF) vulnerability in Lukas Huser EKC Tournament Manager allows Upload a Web Shell to a Web Server.This issue affects EKC Tournament Manager: from n/a through 2.2.1.... Read more
Affected Products : ekc_tournament_manager- Published: Oct. 31, 2024
- Modified: Nov. 01, 2024
-
6.1
MEDIUMCVE-2024-10454
Clickjacking vulnerability in Clibo Manager v1.1.9.12 in the '/public/login' directory, a login panel. This vulnerability occurs due to the absence of an X-Frame-Options server-side header. An attacker could overlay a transparent iframe to perform click h... Read more
Affected Products :- Published: Oct. 31, 2024
- Modified: Nov. 01, 2024
-
6.4
MEDIUMCVE-2024-51430
Cross Site Scripting vulnerability in online diagnostic lab management system using php v.1.0 allows a remote attacker to execute arbitrary code via the Test Name parameter on the diagnostic/add-test.php component.... Read more
Affected Products :- Published: Oct. 31, 2024
- Modified: Nov. 01, 2024
-
6.4
MEDIUMCVE-2024-9885
The Widget or Sidebar Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sidebar' shortcode in all versions up to, and including, 0.6.1 due to insufficient input sanitization and output escaping on user supplied ... Read more
Affected Products :- Published: Oct. 30, 2024
- Modified: Nov. 01, 2024
-
6.4
MEDIUMCVE-2024-10367
The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.0.4 due to insufficient input sanitization... Read more
Affected Products : otter_blocks- Published: Nov. 01, 2024
- Modified: Nov. 01, 2024
-
7.2
HIGHCVE-2024-10108
The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes ... Read more
Affected Products :- Published: Oct. 30, 2024
- Modified: Nov. 01, 2024
-
6.1
MEDIUMCVE-2024-9434
The WPGlobus Translate Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the on__translate_options_page() function. This makes it p... Read more
Affected Products :- Published: Oct. 31, 2024
- Modified: Nov. 01, 2024
-
8.4
HIGHCVE-2024-48214
KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connects to the local network via a QR code. This vulnerability allows an attacker to create a custom, unauthenticated QR code and abuse one of the parameters, e... Read more
Affected Products :- Published: Oct. 30, 2024
- Modified: Nov. 01, 2024
-
6.9
MEDIUMCVE-2024-10620
A vulnerability was found in knightliao Disconf 2.6.36. It has been classified as critical. This affects an unknown part of the file /api/config/list of the component Configuration Center. The manipulation leads to improper authentication. It is possible ... Read more
Affected Products :- Published: Nov. 01, 2024
- Modified: Nov. 01, 2024
-
8.4
HIGHCVE-2024-37573
The Talkatone com.talkatone.android application 8.4.6 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.talkatone.vedroid.ui.launcher.OutgoingCallInter... Read more
Affected Products :- Published: Oct. 30, 2024
- Modified: Nov. 01, 2024
-
6.4
MEDIUMCVE-2024-9884
The T(-) Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tminus' shortcode in all versions up to, and including, 2.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. Th... Read more
Affected Products :- Published: Oct. 30, 2024
- Modified: Nov. 01, 2024