Search Results (343533 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2024-47050 | 1 Acquia | 1 Mautic | 2024-09-27 | 5.4 Medium | Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable. |
| CVE-2024-0005 | 1 Purestorage | 4 Flasharray, Flashblade, Purity//fa and 1 more | 2024-09-27 | 9.1 Critical | A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. |
| CVE-2021-27917 | 1 Acquia | 1 Mautic | 2024-09-27 | 7.3 High | Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report. |
| CVE-2024-37779 | 1 Woodwing Elvis Dam | 1 Woodwing Elvis Dam | 2024-09-27 | 8.8 High | WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality. |
| CVE-2024-44063 | 1 Happyforms | 1 Happyforms | 2024-09-27 | 6.5 Medium | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Happyforms allows Stored XSS. This issue affects Happyforms: from n/a through 1.26.0. |
| CVE-2024-0004 | 1 Purestorage | 2 Flasharray, Purity//fa | 2024-09-27 | 9.1 Critical | A condition exists in FlashArray Purity whereby a user with the array admin role can execute arbitrary commands remotely to escalate privilege on the array. |
| CVE-2024-0003 | 1 Purestorage | 2 Flasharray, Purity//fa | 2024-09-27 | 9.1 Critical | A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array, allowing privileged access. |
| CVE-2024-0002 | 1 Purestorage | 2 Flasharray, Purity//fa | 2024-09-27 | 10 Critical | A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array. |
| CVE-2024-0001 | 1 Purestorage | 2 Flasharray, Purity//fa | 2024-09-27 | 10 Critical | A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active, potentially allowing a malicious actor to gain elevated privileges. |
| CVE-2024-44060 | 1 Jenniferhall | 1 Filmix | 2024-09-27 | 7.1 High | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jennifer Hall Filmix allows Reflected XSS. This issue affects Filmix: from n/a through 1.1. |
| CVE-2024-8770 | 1 Github | 1 Enterprise Server | 2024-09-27 | 6.1 Medium | A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1. This vulnerability was reported via the GitHub Bug Bounty program. |
| CVE-2024-5799 | 2 Cminds, Creativemindssolutions | 2 Cm Popup, Cm Pop-up Banners | 2024-09-26 | 4.8 Medium | The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks. |
| CVE-2024-6887 | 2 Rafflepress, Seedprod | 2 Giveaways And Contests By Rafflepress, Rafflepress | 2024-09-26 | 4.8 Medium | The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). |
| CVE-2024-7766 | 1 Erichamby | 1 Adicon Server | 2024-09-26 | 7.2 High | The Adicon Server WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks. |
| CVE-2024-7816 | 2 Adeelraza, Gixaw Chat | 2 Gixaw Chat, Gixaw Chat | 2024-09-26 | 6.1 Medium | The Gixaw Chat WordPress plugin through 1.0 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. |
| CVE-2024-45750 | 1 Thegreenbow | 5 Android Vpn, Vpn Client Linux, Vpn Client Macos and 2 more | 2024-09-26 | 7.3 High | An issue in TheGreenBow Windows Standard VPN Client 6.87.108 (and older), Windows Enterprise VPN Client 6.87.109 (and older), Windows Enterprise VPN Client 7.5.007 (and older), Android VPN Client 6.4.5 (and older), VPN Client Linux 3.4 (and older), and VPN Client MacOS 2.4.10 (and older) allows a remote attacker to execute arbitrary code via the IKEv2 Authentication phase: it accepts malformed ECDSA signatures and establishes the tunnel. |
| CVE-2024-45606 | 1 Sentry | 1 Sentry | 2024-09-26 | 7.1 High | Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a known rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we have identified no instances where alerts have been muted by unauthorized parties. A patch was issued to ensure authorization checks are properly scoped on requests to mute alert rules. Authenticated users who do not have the necessary permissions are no longer able to mute alerts. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version **24.9.0** or higher. The rule mute feature was generally available as of 23.6.0, but users with early access may have had the feature as of 23.4.0. Affected users are advised to upgrade to version 24.9.0. There are no known workarounds for this vulnerability. |
| CVE-2024-45605 | 1 Sentry | 1 Sentry | 2024-09-26 | 6.5 Medium | Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can delete the user issue alert notifications for arbitrary users given a known alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert notifications. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 24.9.0 or higher. There are no known workarounds for this vulnerability. |
| CVE-2024-47088 | 1 Apexsoftcell | 2 Ld Dp Back Office, Ld Geo | 2024-09-26 | 9.8 Critical | This vulnerability exists in Apex Softcell LD Geo due to missing restrictions on excessive failed authentication attempts on its API-based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on the login OTP, which could lead to unauthorized access to other user accounts. |
| CVE-2024-47089 | 1 Apexsoftcell | 2 Ld Dp Back Office, Ld Geo | 2024-09-26 | 6.5 Medium | This vulnerability exists in Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating the transaction token ID in the API request, leading to unauthorized access to and modification of transactions belonging to other users. |