8.7
CVE-2024-7828 - D-Link DNS-1550-04 photocenter_mgr.cgi cgi_set_cover buffer overflow
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to…
8.8
CVE-2024-43275 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Collision with another CVE.
5.3
CVE-2024-7411 - Newsletters <= 4.9.9 - Unauthenticated Full Path Disclosure
The Newsletters plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.9.9. This is due to the plugin not preventing direct access to the /vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php. This makes it possible for unauthenticated attackers to re…
4.3
CVE-2024-7063 - ElementsKit Pro <= 3.6.6 - Authenticated (Contributor+) Sensitive Information Exposure
The ElementsKit Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.6 via the 'render_raw' function. This can allow authenticated attackers, with Contributor-level permissions and above, to extract sensitive data including private, futu…
6.4
CVE-2024-7064 - ElementsKit Pro <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and …
0.0
CVE-2024-41718 -
** REJECT ** DO NOT USE THIS CVE ID. ConsultIDs: CVE-2024-39771. Reason: This CVE ID is a reservation duplicate of CVE-2024-39771. Notes: All CVE users should reference CVE-2024-39771 instead of this CVE ID. All references and descriptions in this CVE ID have been removed to prevent accidental usag…
5.1
CVE-2024-7815 - CodeAstro Online Railway Reservation System Update Employee Page admin-update-employee.php cross si…
A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin-update-employee.php of the component Update Employee Page. The manipulation of the argument emp_fname …
5.1
CVE-2024-7814 - CodeAstro Online Railway Reservation System Add Employee Page admin-add-employee.php cross site scr…
A vulnerability, which was classified as problematic, was found in CodeAstro Online Railway Reservation System 1.0. Affected is an unknown function of the file /admin/admin-add-employee.php of the component Add Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_a…
4.3
CVE-2024-6534 - Directus 10.13.0 - Insecure object reference via PATH presets
Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the PATCH request. When chained with CVE-2024-6…
5.4
CVE-2024-6533 - Directus 10.13.0 - DOM-Based cross-site scripting (XSS) via layout_options
Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with CV…