Search Results (342293 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2024-8743 | 1 Bitapps | 1 File Manager | 2024-10-07 | 6.8 Medium | The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 6.5.7. This is due to a lack of proper checks on allowed file types. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting. |
| CVE-2024-47848 | 1 Wikimedia | 1 Pagetriage | 2024-10-07 | N/A | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - PageTriage allows Authentication Bypass. This issue affects Mediawiki - PageTriage: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. |
| CVE-2024-47764 | | | 2024-10-07 | 3.7 Low | cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to 0.7.0, which updates the validation for name, path, and domain. |
| CVE-2024-45250 | | | 2024-10-07 | 4.3 Medium | ZKteco – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2024-45248 | 1 Multi-dnc | 1 Multi-dnc | 2024-10-07 | 7.5 High | Multi-DNC – CWE-35: Path Traversal: '.../...//' |
| CVE-2024-45247 | | | 2024-10-07 | 6.1 Medium | Sonarr – CWE-601: URL Redirection to Untrusted Site ('Open Redirect') |
| CVE-2024-45246 | 1 Dieboldnixdorf | 1 Vynamic View | 2024-10-07 | 7.3 High | Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element |
| CVE-2024-45245 | 1 Dieboldnixdorf | 1 Vynamic View | 2024-10-07 | 7.8 High | Diebold Nixdorf – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2024-9554 | 1 Sovell | 1 Smart Canteen System | 2024-10-07 | 3.7 Low | A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303.30513. Affected by this vulnerability is the function Check_ET_CheckPwdz201 of the file suanfa.py of the component Password Reset Handler. The manipulation leads to authorization bypass. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2024-47372 | | | 2024-10-07 | 5.9 Medium | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS. This issue affects TNC PDF viewer: from n/a through 3.1.0. |
| CVE-2024-44029 | | | 2024-10-07 | 7.1 High | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in David Garlitz viala allows Reflected XSS. This issue affects viala: from n/a through 1.3.1. |
| CVE-2024-45251 | 1 Elsight | 1 Halo Firmware | 2024-10-07 | 9.8 Critical | Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| CVE-2024-45252 | 1 Elsight | 1 Halo Firmware | 2024-10-07 | 9.8 Critical | Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| CVE-2024-6928 | 2 Opti.marketing, Optimarketing | 2 Opti Marketing, Opti Marketing | 2024-10-07 | 9.8 Critical | The Opti Marketing WordPress plugin through 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. |
| CVE-2024-5561 | 2 Code-atlantic, Popup Maker | 2 Popup Maker, Popup Maker Wp | 2024-10-07 | 4.8 Medium | The Popup Maker WordPress plugin before 1.19.1 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). |
| CVE-2024-6910 | 2 Eventon Wordpress Plugin, Myeventon | 2 Eventon Wordpress Plugin, Eventon | 2024-10-07 | 4.8 Medium | The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. |
| CVE-2024-7689 | 2 Snapshot Backup Project, Versluis | 2 Snapshot Backup, Snapshot-backup | 2024-10-07 | 4.7 Medium | The Snapshot Backup WordPress plugin through 2.1.1 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. |
| CVE-2024-7687 | 2 Azindex Project, Azindex Wordpress Plugin | 2 Azindex, Azindex Wordpress Plugin | 2024-10-07 | 6.1 Medium | The AZIndex WordPress plugin through 0.8.1 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. |
| CVE-2024-7688 | 2 Azindex Project, Azindex Wordpress Plugin | 2 Azindex, Azindex Wordpress Plugin | 2024-10-07 | 6.5 Medium | The AZIndex WordPress plugin through 0.8.1 does not have CSRF checks in some places, which could allow attackers to make a logged-in admin delete arbitrary indexes via a CSRF attack. |
| CVE-2024-20343 | 2 Cisco, Linux | 2 Ios Xr, Linux Kernel | 2024-10-07 | 5.5 Medium | A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device. This vulnerability is due to incorrect validation of the arguments that are passed to a specific CLI command. An attacker could exploit this vulnerability by logging in to an affected device with low-privileged credentials and using the affected command. A successful exploit could allow the attacker to access files in read-only mode on the Linux file system. |