7.1
CVE-2024-43304 - WordPress Cryptocurrency Widgets plugin <= 2.8.0 - Reflected Cross Site Scripting (XSS) vulnerabil…
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List allows Reflected XSS. This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.8.0.
5.3
CVE-2024-7911 - SourceCodester Simple Online Bidding System index.php file inclusion
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /simple-online-bidding-system/bidding/index.php. The manipulation of the argument page leads to file inclusion. It is possible to initiate the a…
7.5
CVE-2024-6221 - Improper Access Control in corydolphin/flask-cors
A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauth…
5.1
CVE-2024-7910 - CodeAstro Online Railway Reservation System Profile Photo Update emp-profile-avatar.php unrestricte…
A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to unrestricted upload. The a…
8.7
CVE-2024-7909 - TOTOLINK EX1200L cstecgi.cgi setLanguageCfg stack-based overflow
A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be …
8.7
CVE-2024-7908 - TOTOLINK EX1200L cstecgi.cgi setDefResponse stack-based overflow
A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. It is possible to launch the attack …
5.3
CVE-2024-7907 - TOTOLINK X6000R cstecgi.cgi setSyslogCfg command injection
A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The attack may be initiated remotely. Th…
6.5
CVE-2024-43305 - WordPress Custom Layouts – Post + Product grids made easy plugin <= 1.4.11 - Cross Site Scripting (…
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Code Amp Custom Layouts – Post + Product grids made easy allows Stored XSS. This issue affects Custom Layouts – Post + Product grids made easy: from n/a through 1.4.11.
7.1
CVE-2024-43306 - WordPress WP-Lister Lite for eBay plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay. This issue affects WP-Lister Lite for eBay: from n/a through <= 3.6.0.
6.5
CVE-2024-43307 - WordPress Structured Content (JSON-LD) #wpsc plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerabi…
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gordon Böhme, Antonio Leutsch Structured Content allows Stored XSS. This issue affects Structured Content: from n/a through 1.6.2.