8.8
CVE-2023-51515 - WordPress Uncode Core plugin <= 2.8.8 - Privilege Escalation vulnerability
Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation.This issue affects Uncode Core: from n/a through 2.8.8.
4.3
CVE-2023-51499 - WordPress WooCommerce Shipping Per Product plugin <= 2.5.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product.This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4.
5.3
CVE-2023-52211 - WordPress WP Job Manager plugin <= 2.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Automattic WP Job Manager.This issue affects WP Job Manager: from n/a through 2.0.0.
3.7
CVE-2024-3689 - Zhejiang Land Zongheng Network Technology O2OA information disclosure
A vulnerability classified as problematic has been found in Zhejiang Land Zongheng Network Technology O2OA up to 20240403. Affected is an unknown function of the file /x_portal_assemble_surface/jaxrs/portal/list?v=8.2.3-4-43f4fe3. The manipulation leads to information disclosure. It is possible to β¦
6.3
CVE-2024-3688 - Xiamen Four-Faith RMP Router Management Platform sql injection
A vulnerability was found in Xiamen Four-Faith RMP Router Management Platform 5.2.2. It has been declared as critical. This vulnerability affects unknown code of the file /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState=. The manipulation of the argument groupId leads to sql inβ¦
3.5
CVE-2024-3687 - bihell Dice Comment cross site scripting
A vulnerability was found in bihell Dice 3.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and β¦
5.3
CVE-2024-3707 - Exposure of Information Through Directory Listing vulnerability in OpenGnsys
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file.
5.9
CVE-2024-3706 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in OpenGnsys
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored.
8.8
CVE-2024-3705 - Unrestricted Upload of File with Dangerous Type vulnerability in OpenGnsys
Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/M_Icons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell injecβ¦
9.8
CVE-2024-3704 - SQL Injection vulnerability in OpenGnsys
SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database.