| CVE-2023-7288 |
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized dat... |
MEDIUM |
2024-10-16 |
View Details |
| CVE-2024-49266 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab... |
|
2024-10-16 |
View Details |
| CVE-2024-45711 |
SolarWinds Serv-U is vulnerable to a directory traversal vulnerability where remote code execution... |
HIGH |
2024-10-16 |
View Details |
| CVE-2023-7287 |
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized sub... |
|
2024-10-16 |
View Details |
| CVE-2024-48744 |
A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPG... |
|
2024-10-16 |
View Details |
| CVE-2024-45710 |
SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation... |
|
2024-10-16 |
View Details |
| CVE-2023-7286 |
The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in ... |
MEDIUM |
2024-10-16 |
View Details |
| CVE-2024-47139 |
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Config... |
|
2024-10-16 |
View Details |
| CVE-2024-45693 |
Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requ... |
|
2024-10-16 |
View Details |
| CVE-2022-4974 |
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cr... |
MEDIUM |
2024-10-16 |
View Details |
| CVE-2024-45844 |
BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless... |
|
2024-10-16 |
View Details |
| CVE-2024-45462 |
The logout operation in the CloudStack web interface does not expire the user session completely whi... |
|
2024-10-16 |
View Details |
| CVE-2022-4973 |
WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting ... |
MEDIUM |
2024-10-16 |
View Details |
| CVE-2024-9893 |
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all vers... |
CRITICAL |
2024-10-16 |
View Details |
| CVE-2024-45461 |
The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system ... |
|
2024-10-16 |
View Details |
| CVE-2022-4972 |
The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing cap... |
HIGH |
2024-10-16 |
View Details |
| CVE-2024-49270 |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab... |
|
2024-10-16 |
View Details |
| CVE-2024-45219 |
Account users in Apache CloudStack by default are allowed to upload and register templates for deplo... |
|
2024-10-16 |
View Details |
| CVE-2024-9980 |
The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote ... |
HIGH |
2024-10-15 |
View Details |
| CVE-2024-9676 |
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the co... |
MEDIUM |
2024-10-15 |
View Details |
| CVE-2024-9955 |
Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacke... |
|
2024-10-15 |
View Details |
| CVE-2024-9820 |
The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in v... |
MEDIUM |
2024-10-15 |
View Details |
| CVE-2024-9981 |
The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote ... |
|
2024-10-15 |
View Details |
| CVE-2024-9506 |
Improper regular expression in Vue's parseHTML function leads to a potential regular expression deni... |
|
2024-10-15 |
View Details |
| CVE-2024-9954 |
Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentiall... |
|
2024-10-15 |
View Details |
| CVE-2024-9687 |
The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up ... |
HIGH |
2024-10-15 |
View Details |
| CVE-2024-9982 |
AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query paramete... |
CRITICAL |
2024-10-15 |
View Details |
| CVE-2024-48914 |
Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerabi... |
|
2024-10-15 |
View Details |
| CVE-2024-9594 |
A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default cr... |
|
2024-10-15 |
View Details |
| CVE-2024-6757 |
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable t... |
MEDIUM |
2024-10-15 |
View Details |
| CVE-2024-9983 |
Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing ... |
HIGH |
2024-10-15 |
View Details |
| CVE-2024-48913 |
Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery ... |
|
2024-10-15 |
View Details |
| CVE-2024-9486 |
A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default cr... |
|
2024-10-15 |
View Details |
| CVE-2024-9548 |
The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the res... |
HIGH |
2024-10-15 |
View Details |
| CVE-2024-9984 |
Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowin... |
CRITICAL |
2024-10-15 |
View Details |
| CVE-2024-48624 |
In segments\edit.php of DomainMOD below v4.12.0, the segid parameter in the GET request can be explo... |
|
2024-10-15 |
View Details |
| CVE-2024-48783 |
An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via t... |
|
2024-10-15 |
View Details |
| CVE-2024-9546 |
The WPIDE – File Manager & Code Editor plugin for WordPress is vulnerable to Full Path Disclosure ... |
MEDIUM |
2024-10-15 |
View Details |
| CVE-2024-9985 |
Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers... |
CRITICAL |
2024-10-15 |
View Details |
| CVE-2024-21172 |
Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (componen... |
CRITICAL |
2024-10-15 |
View Details |
| CVE-2024-48623 |
In queue\index.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET reque... |
|
2024-10-15 |
View Details |
| CVE-2024-48782 |
File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute... |
|
2024-10-15 |
View Details |
| CVE-2024-9986 |
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as cr... |
|
2024-10-15 |
View Details |
| CVE-2024-48622 |
A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject Java... |
|
2024-10-15 |
View Details |
| CVE-2024-48781 |
An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker ... |
|
2024-10-15 |
View Details |
| CVE-2024-47876 |
Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.... |
|
2024-10-15 |
View Details |
| CVE-2024-48779 |
An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker to ... |
|
2024-10-15 |
View Details |
| CVE-2024-47874 |
Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.4... |
|
2024-10-15 |
View Details |
| CVE-2024-48714 |
In TP-Link TL-WDR7660 v1.0, the guestRuleJsonToBin function handles the parameter string name withou... |
|
2024-10-15 |
View Details |
| CVE-2024-47824 |
matrix-react-sdk is react-based software development kit for inserting a Matrix chat/VOIP client int... |
|
2024-10-15 |
View Details |