2024-02-29 08:00:10.722432
System Dashboard < 2.8.10 – XSS via Header Injection exploit
https://sploitus.com/exploit?id=WPEX-ID:7413D5EC-10A7-4CB8-AC1C-4EF554751518
WordPress WP Fastest Cache 1.2.2 SQL Injection Vulnerability exploit
https://sploitus.com/exploit?id=1337DAY-ID-39382
WordPress WP Rocket < 2.10.3 – Local File Inclusion Vulnerability exploit
https://sploitus.com/exploit?id=1337DAY-ID-39381
Blood Bank v1.0 – Multiple SQL Injection Vulnerability exploit
https://sploitus.com/exploit?id=1337DAY-ID-39384
WordPress Admin Bar And Dashboard Access Control 1.28 XSS Vulnerability exploit
https://sploitus.com/exploit?id=1337DAY-ID-39380
2024-02-29 08:02:19.806991
CVE-2024-24705 / CVSS: 5.4 (MEDIUM)
(Wed, 28 Feb 2024 15:15:08 GMT)
– https://www.cve.org/CVERecord?id=CVE-2024-24705
Cross-Site Request Forgery (CSRF) vulnerability in Octa Code Accessibility. This issue affects Accessibility: from n/a through…
CVE-2024-24702 / CVSS: 4.3 (MEDIUM)
(Wed, 28 Feb 2024 15:15:08 GMT)
– https://www.cve.org/CVERecord?id=CVE-2024-24702
Cross-Site Request Forgery (CSRF) vulnerability in Matt Martz & Andy Stratton Page Restrict. This issue affects Page Restrict:…
CVE-2023-6917 (Wed, 28 Feb 2024 15:15:07 GMT)
– https://www.cve.org/CVERecord?id=CVE-2023-6917
A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utili…
CVE-2024-27515 (Wed, 28 Feb 2024 13:15:09 GMT)
– https://www.cve.org/CVERecord?id=CVE-2024-27515
Osclass 5.1.2 is vulnerable to SQL Injection.
CVE-2024-25927 / CVSS: 9.3 (CRITICAL)
(Wed, 28 Feb 2024 13:15:09 GMT)
– https://www.cve.org/CVERecord?id=CVE-2024-25927
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Joel Starnes postMash –…
CVE-2024-25910 / CVSS: 9.8 (CRITICAL)
(Wed, 28 Feb 2024 13:15:09 GMT)
– https://www.cve.org/CVERecord?id=CVE-2024-25910
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Skymoonlabs MoveTo. This…
CVE-2024-25902 / CVSS: 7.6 (HIGH)
(Wed, 28 Feb 2024 13:15:08 GMT)
– https://www.cve.org/CVERecord?id=CVE-2024-25902
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in miniorange Malware Scan…
CVE-2024-24868 / CVSS: 8.5 (HIGH)
(Wed, 28 Feb 2024 13:15:08 GMT)
– https://www.cve.org/CVERecord?id=CVE-2024-24868
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Smartypants SP Project …
CVE-2024-21886 (Wed, 28 Feb 2024 13:15:08 GMT)
– https://www.cve.org/CVERecord?id=CVE-2024-21886
A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an applicatio…
CVE-2024-21885 (Wed, 28 Feb 2024 13:15:08 GMT)
– https://www.cve.org/CVERecord?id=CVE-2024-21885
A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array le…
CVE-2024-1965 / CVSS: 6.5 (MEDIUM)
(Wed, 28 Feb 2024 13:15:07 GMT)
– https://www.cve.org/CVERecord?id=CVE-2024-1965
Server-Side Request Forgery vulnerability in Haivision’s Aviwest Manager and Aviwest Steamhub. This vulnerability could allow…
CVE-2024-1808 / CVSS: 6.4 (MEDIUM)
(Wed, 28 Feb 2024 13:15:07 GMT)
– https://www.cve.org/CVERecord?id=CVE-2024-1808
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plug…
CVE-2024-26016 / CVSS: 4.3 (MEDIUM)
(Wed, 28 Feb 2024 12:15:47 GMT)
– https://www.cve.org/CVERecord?id=CVE-2024-26016
A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modif…
CVE-2024-24779 / CVSS: 5 (MEDIUM)
(Wed, 28 Feb 2024 12:15:47 GMT)
– https://www.cve.org/CVERecord?id=CVE-2024-24779
Apache Superset with custom roles that include can write on dataset and without all data access permissions, allows for use…
CVE-2024-24773 / CVSS: 4.9 (MEDIUM)
(Wed, 28 Feb 2024 12:15:47 GMT)
– https://www.cve.org/CVERecord?id=CVE-2024-24773
Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope…
CVE-2024-24772 / CVSS: 4.3 (MEDIUM)
(Wed, 28 Feb 2024 12:15:47 GMT)
– https://www.cve.org/CVERecord?id=CVE-2024-24772
A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from …
CVE-2024-1636 / CVSS: 8 (HIGH)
(Wed, 28 Feb 2024 12:15:47 GMT)
– https://www.cve.org/CVERecord?id=CVE-2024-1636
