4.8
CVE-2024-20269 - Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient val…
7.7
CVE-2024-20268 - Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Denial of Ser…
A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause an unexpected reload of the device. This vulnerability is due to i…
4.8
CVE-2024-20264 - Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient val…
5.3
CVE-2024-49756 - AshPostgres empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.
AshPostgres is the PostgreSQL data layer for Ash Framework. Starting in version 2.0.0 and prior to version 2.4.10, in certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions (no changing fields), and would al…
5.1
CVE-2024-10296 - PHPGurukul Medical Card Generation System Report of Medical Card Page card-bwdates-reports-details.…
A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/card-bwdates-reports-details.php of the component Report of Medical Card Page. The manipulation of the argument…
5.3
CVE-2024-10293 - ZZCMS functions.php Ebak_SetGotoPak unrestricted upload
A vulnerability was found in ZZCMS 2023. It has been classified as critical. Affected is the function Ebak_SetGotoPak of the file 3/Ebbak5.1/upload/class/functions.php. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has …
1.2
CVE-2024-49751 - Frappe Press possible HTML injection through SaaS Signup inputs
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Prior to commit 5d118a902872d7941f099ad1fb918e2421e79ccd, a user could inject HTML through SaaS signup inputs. The user who injected the unsafe HTML code would onl…
9.9
CVE-2024-49652 - WordPress 3D Work In Progress plugin <= 1.0.3 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Renata Bracichowicz 3D Work In Progress renee-work-in-progress allows Upload a Web Shell to a Web Server. This issue affects 3D Work In Progress: from n/a through <= 1.0.3.
9.9
CVE-2024-49653 - WordPress Portfolleo plugin <= 1.2 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in james-eggers Portfolleo portfolleo allows Upload a Web Shell to a Web Server. This issue affects Portfolleo: from n/a through <= 1.2.
9.9
CVE-2024-49658 - WordPress Woocommerce Custom Profile Picture plugin <= 1.0 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in ecomerciar Woocommerce Custom Profile Picture woo-custom-profile-picture allows Upload a Web Shell to a Web Server. This issue affects Woocommerce Custom Profile Picture: from n/a through <= 1.0.