6.7
CVE-2024-5963 - An unquoted executable path exists in Hitachi Device Manager
Unquoted Executable Path vulnerability in Hitachi Device Manager on Windows (Device Manager Server component). This issue affects Hitachi Device Manager: before 8.8.7-00.
5.3
CVE-2024-7497 - itsourcecode Airline Reservation System index.php file inclusion
A vulnerability was found in itsourcecode Airline Reservation System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been dis…
7.2
CVE-2024-7485 - Traffic Manager <= 1.4.5 - Unauthenticated Stored Cross-Site Scripting
The Traffic Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page' parameter in the 'UserWebStat' AJAX function in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attack…
8.8
CVE-2023-5000 - Horizontal scrolling announcements <= 2.4 - Authenticated (Contributor+) SQL Injection via Shortco…
The Horizontal scrolling announcements plugin for WordPress is vulnerable to SQL Injection via the plugin's 'hsas-shortcode' shortcode in versions up to, and including, 2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This…
8.8
CVE-2024-6315 - Blox Page Builder <= 1.0.65 - Authenticated (Contributor+) Arbitrary File Upload
The Blox Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handleUploadFile' function in all versions up to, and including, 1.0.65. This makes it possible for authenticated attackers, with contributor-level and above permissions, t…
7.2
CVE-2024-7484 - CRM Perks Forms <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload
The CRM Perks Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'handle_uploaded_files' function in versions up to, and including, 1.1.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to…
5.3
CVE-2024-7496 - itsourcecode Airline Reservation System index.php file inclusion
A vulnerability has been found in itsourcecode Airline Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack can be initiated remotely. The exploit has been disclos…
5.3
CVE-2024-7495 - itsourcecode Laravel Accounting System HomeController.php unrestricted upload
A vulnerability, which was classified as critical, was found in itsourcecode Laravel Accounting System 1.0. This affects an unknown part of the file app/Http/Controllers/HomeController.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack re…
8.8
CVE-2024-41616 -
D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service.
9.8
CVE-2024-39227 -
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vu…