6.4

CVSS3.1

CVE-2024-8967 - PWA β€” easy way to Progressive Web App <= 1.6.3 - Authenticated (Author+) Stored Cross-Site Scriptin…

The PWA β€” easy way to Progressive Web App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-le…

πŸ“… Published: Oct. 2, 2024, 7:35 a.m. πŸ”„ Last Modified: April 8, 2026, 4:32 p.m.

5.4

CVSS3.1

CVE-2024-8254 - Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & Woo…

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.7.34. This is due to the software allowing users to execute an action that does…

πŸ“… Published: Oct. 2, 2024, 6:46 a.m. πŸ”„ Last Modified: April 8, 2026, 5:02 p.m.

7.5

CVSS3.1

CVE-2024-7315 - Migration, Backup, Staging – WPvivid < 0.9.106 - Unauthenticated Sensitive Data Exposure

The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups.

πŸ“… Published: Oct. 2, 2024, 6 a.m. πŸ”„ Last Modified: Aug. 27, 2025, noon

5.3

CVSS4.0

CVE-2024-9333 - Permission bypass in M-Files Connector for Copilot

Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows authenticated user to access limited amount of documents via incorrect access control list calculation

πŸ“… Published: Oct. 2, 2024, 5:57 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2024-9174 - Stored HTML Injection in Hubshare social module

Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI

πŸ“… Published: Oct. 2, 2024, 5:56 a.m. πŸ”„ Last Modified: Feb. 23, 2026, 11:16 a.m.

4.5

CVSS3.1

CVE-2024-21530 -

Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. **Note:** The issu…

πŸ“… Published: Oct. 2, 2024, 5 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2024-7855 - WP Hotel Booking <= 2.1.2 - Authenticated (Subscriber+) Arbitrary File Upload

The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_review() function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload ar…

πŸ“… Published: Oct. 2, 2024, 4:31 a.m. πŸ”„ Last Modified: April 8, 2026, 5:01 p.m.

9.8

CVSS3.1

CVE-2024-45186 -

FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials.

πŸ“… Published: Oct. 2, 2024, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

9.8

CVSS3.1

CVE-2024-24116 -

An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm.

πŸ“… Published: Oct. 2, 2024, midnight πŸ”„ Last Modified: Feb. 10, 2025, 11:15 p.m.

8.8

CVSS3.1

CVE-2024-46626 -

OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted payload.

πŸ“… Published: Oct. 2, 2024, midnight πŸ”„ Last Modified: July 17, 2025, 5:36 p.m.
Total resulsts: 349182
Page 8421 of 34,919
Β« previous page Β» next page
Filters