Export limit exceeded: 18593 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 350298 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350298 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41732 | 1 Sap | 1 Netweaver Application Server Abap | 2024-09-11 | 4.7 Medium |
| SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read or modify information. There is no impact on availability of application. | ||||
| CVE-2024-8317 | 1 Wpeka | 1 Wp Adcenter | 2024-09-11 | 6.4 Medium |
| The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ad_alignment’ attribute in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-8427 | 1 Wpshuffle | 1 Frontend Post Submission Manager | 2024-09-11 | 4.3 Medium |
| The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_global_settings and process_form_edit functions in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings and forms. | ||||
| CVE-2024-39627 | 1 Imagely | 1 Nextgen Gallery | 2024-09-11 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Imagely NextGEN Gallery allows Stored XSS.This issue affects NextGEN Gallery: from n/a through 3.59.3. | ||||
| CVE-2024-39629 | 1 Themegrill | 1 Himalayas | 2024-09-11 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS.This issue affects Himalayas: from n/a through 1.3.2. | ||||
| CVE-2024-39643 | 1 Metagauss | 1 Registrationmagic | 2024-09-11 | 5.8 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RegistrationMagic Forms RegistrationMagic allows Stored XSS.This issue affects RegistrationMagic: from n/a through 6.0.0.1. | ||||
| CVE-2024-39644 | 1 Modernaweb | 1 Black Widgets For Elementor | 2024-09-11 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS.This issue affects Black Widgets For Elementor: from n/a through 1.3.5. | ||||
| CVE-2024-8041 | 1 Gitlab | 1 Gitlab | 2024-09-11 | 6.5 Medium |
| A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1. A denial of service could occur upon importing a maliciously crafted repository using the GitHub importer. | ||||
| CVE-2024-6502 | 1 Gitlab | 1 Gitlab | 2024-09-11 | 5.7 Medium |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6 starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag. | ||||
| CVE-2024-8363 | 2 Mihail Barinov, Share-this-image | 2 Share This Image, Share This Image | 2024-09-11 | 6.4 Medium |
| The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STI Buttons shortcode in all versions up to, and including, 2.02 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-7627 | 1 Bitapps | 1 File Manager | 2024-09-11 | 8.1 High |
| The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This makes it possible for unauthenticated attackers to execute code on the server if an administrator has allowed Guest User read permissions. | ||||
| CVE-2024-44844 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-09-11 | 8 High |
| DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function. | ||||
| CVE-2024-44845 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-09-11 | 8 High |
| DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function. | ||||
| CVE-2024-6852 | 2 Ngothang, Thangnv27 | 2 Wp Multitasking, Wp Multitasking | 2024-09-11 | 6.5 Medium |
| The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-6853 | 2 Ngothang, Thangnv27 | 2 Wp Multitasking, Wp Multitasking | 2024-09-11 | 6.5 Medium |
| The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating welcome popups, which could allow attackers to make logged admins perform such action via a CSRF attack | ||||
| CVE-2024-6855 | 2 Ngothang, Thangnv27 | 2 Wp Multitasking, Wp Multitasking | 2024-09-11 | 6.5 Medium |
| The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating exit popups, which could allow attackers to make logged admins perform such action via a CSRF attack | ||||
| CVE-2024-6856 | 2 Ngothang, Thangnv27 | 2 Wp Multitasking, Wp Multitasking | 2024-09-11 | 6.5 Medium |
| The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-6859 | 2 Ngothang, Thangnv27 | 2 Wp Multitasking, Wp Multitasking | 2024-09-11 | 5.4 Medium |
| The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-6924 | 1 Themetechmount | 2 Truebooker, Truebooker-appointment-booking | 2024-09-11 | 9.8 Critical |
| The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | ||||
| CVE-2024-6925 | 1 Themetechmount | 2 Truebooker, Truebooker-appointment-booking | 2024-09-11 | 4.3 Medium |
| The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | ||||