All CVEs — 2024 (Page 305/307)

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0

2024-01-06

High

CVE-2023-50612

Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter.

CVSS: 7.8 CWE: CWE-276

2024-01-05

High

CVE-2024-21642

D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery (SSRF), allowing attackers to access files on…

CVSS: 7.5 CWE: CWE-918

Medium

CVE-2024-21641

Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) dom…

CVSS: 6.5 CWE: CWE-601

High

CVE-2024-0247

A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulati…

CVSS: 7.3 CWE: CWE-89

High

CVE-2023-47560

An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed th…

CVSS: 7.4 CWE: CWE-77

Medium

CVE-2023-47559

A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have alread…

CVSS: 5.5 CWE: CWE-79

Low

CVE-2023-47219

A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the v…

CVSS: 3.5 CWE: CWE-89

Low

CVE-2023-46837

Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) ha…

CVSS: 3.3 CWE: CWE-119

Medium

CVE-2023-46835

The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table leve…

CVSS: 5.5 CWE: CWE-787

Low

CVE-2023-45044

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators…

CVSS: 3.8 CWE: CWE-120

Low

CVE-2023-45043

CVSS: 3.8 CWE: CWE-120

Low

CVE-2023-45042

CVSS: 3.8 CWE: CWE-120

Low

CVE-2023-45041

CVSS: 3.8 CWE: CWE-120

Low

CVE-2023-45040

CVSS: 3.8 CWE: CWE-120

Low

CVE-2023-45039

CVSS: 3.8 CWE: CWE-120

Medium

CVE-2023-41289

An OS command injection vulnerability has been reported to affect QcalAgent. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed…

CVSS: 6.3 CWE: CWE-78

High

CVE-2023-41288

An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulner…

CVSS: 8.8 CWE: CWE-78

Medium

CVE-2023-41287

A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerabi…

CVSS: 4.3 CWE: CWE-89

High

CVE-2023-39296

A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones tha…

CVSS: 7.5 CWE: CWE-1321

Medium

CVE-2023-39294

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands…

CVSS: 6.6 CWE: CWE-78

High

CVE-2023-34326

The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of t…

CVSS: 7.8 CWE: CWE-672

High

CVE-2023-34325

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of the…

CVSS: 7.8 CWE: CWE-787

Medium

CVE-2023-34324

Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen conso…

CVSS: 4.9 CWE: CWE-400

Medium

CVE-2023-34323

When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has b…

CVSS: 5.5 CWE: CWE-476

High

CVE-2023-34322

For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV…

CVSS: 7.8 CWE: CWE-273

Low

CVE-2023-34321

CVSS: 3.3 CWE: CWE-119

Medium

CVE-2024-0246

A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. This affects an unknown part of the file /install/ of the component Utility Download Handler. The manipulation o…

CVSS: 4.3 CWE: CWE-79

Medium

CVE-2023-52126

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Suman Bhattarai Send Users Email.This issue affects Send Users Email: from n/a through 1.4.3.

CVSS: 5.3 CWE: CWE-200

Medium

CVE-2023-52125

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly iframe allows Stored XSS.This issue affects iframe: from n/a through 4.8.

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2023-52124

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC WP Tabs – Responsive Tabs Plugin for WordPress allows Stored XSS.This issue affe…

CVSS: 6.5 CWE: CWE-79

Medium

CVE-2023-52151

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Uncanny Automator, Uncanny Owl Uncanny Automator – Automate everything with the #1 no-code automation and integration plugi…

CVSS: 5.3 CWE: CWE-200

Medium

CVE-2023-52148

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.30.

CVSS: 5.3 CWE: CWE-200

Medium

CVE-2023-52146

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.33.0.

CVSS: 5.3 CWE: CWE-532

High

CVE-2023-52143

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkout.This issue affects WP Stripe Checkout: from n/a through 1.2.2.37.

CVSS: 7.5 CWE: CWE-532

Critical

CVE-2022-46839

Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/…

CVSS: 10.0 CWE: CWE-434

Medium

CVE-2023-52122

Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board.This issue affects Simple Job Board: from n/a through 2.10.6.

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2023-52121

Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – C…

CVSS: 5.4 CWE: CWE-352

Medium

CVE-2023-52120

Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much…

CVSS: 5.4 CWE: CWE-352

Medium

CVE-2023-52119

Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building.This issue affects Icegram Engage – WordPress…

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2023-51678

Cross-Site Request Forgery (CSRF) vulnerability in Doofinder Doofinder WP & WooCommerce Search.This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.0.33.

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2023-51673

Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List – Price Table Builder & QR Code Restaurant Menu.This issue affects Stylish Price List – Price Table Builder & QR Code R…

CVSS: 5.4 CWE: CWE-352

Medium

CVE-2023-51668

Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Image Upload for BBPress.This issue affects Inline Image Upload for BBPress: from n/a through 1.1.18.

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2023-51539

Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions.This issue affects Apollo13 Framework Extensions: from n/a through 1.9.1.

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2023-51538

Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin.This issue affects Awesome Support – WordPress HelpDesk & Support Plugin:…

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2023-51535

Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanT…

CVSS: 4.3 CWE: CWE-352

High

CVE-2023-50991

Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function.

CVSS: 7.5 CWE: CWE-120

Medium

CVE-2023-52149

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button.This issue affects Floating Button: from n/a through 6.0.

CVSS: 5.4 CWE: CWE-352

Medium

CVE-2023-52145

Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts.This issue affects Republish Old Posts: from n/a through 1.21.

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2023-52136

Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds – A Tweets Widget or X Feed Widget.This issue affects Custom Twitter Feeds – A Tweets Widget or X Feed Widget: fr…

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2023-52130

Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.31.

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2023-52129

Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.4.

CVSS: 6.3 CWE: CWE-352

Medium

CVE-2023-52128

Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard.This issue affects White Label – WordPress Custom Admin, Custo…

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2023-52127

Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Product Bundles for WooCommerce.This issue affects WPC Product Bundles for WooCommerce: from n/a through 7.3.1.

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2023-52123

Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials.This issue affects Strong Testimonials: from n/a through 3.1.10.

CVSS: 4.3 CWE: CWE-352

Critical

CVE-2023-50027

SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via Ba…

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2020-13880

IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write.

CVSS: 9.8 CWE: CWE-787

Medium

CVE-2023-52184

Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board.This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.6.

CVSS: 4.3 CWE: CWE-352

Medium

CVE-2023-52178

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MojofyWP WP Affiliate Disclosure allows Stored XSS.This issue affects WP Affiliate Disclosure: fr…

CVSS: 6.5 CWE: CWE-79

High

CVE-2023-52150

Cross-Site Request Forgery (CSRF) vulnerability in Ovation S.R.L. Dynamic Content for Elementor.This issue affects Dynamic Content for Elementor: from n/a before 2.12.5.

CVSS: 8.8 CWE: CWE-352

High

CVE-2023-51502

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1.

CVSS: 7.5 CWE: CWE-639

Critical

CVE-2020-13879

IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2020-13878

IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2024-22088

Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled.

CVSS: 9.8 CWE: CWE-416

Critical

CVE-2024-22087

route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution.

CVSS: 9.8 CWE: CWE-787

Critical

CVE-2024-22086

handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution.

CVSS: 9.8 CWE: CWE-787

Medium

CVE-2023-52323

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.

CVSS: 5.9 CWE: CWE-203

Medium

CVE-2024-22075

Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2023-6493

The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to…

CVSS: 4.3 CWE: CWE-352

Low

CVE-2023-41782

There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code.

CVSS: 3.9 CWE: CWE-20

2024-01-04

Critical

CVE-2024-22051

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, pot…

CVSS: 9.8 CWE: CWE-190

High

CVE-2024-22050

Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.

CVSS: 7.5 CWE: CWE-22

Medium

CVE-2024-22049

httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data upl…

CVSS: 5.3 CWE: CWE-472

Medium

CVE-2024-22048

govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is…

CVSS: 6.1 CWE: CWE-79

Low

CVE-2024-22047

A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user.

CVSS: 3.1 CWE: CWE-362

High

CVE-2024-0241

encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sen…

CVSS: 7.5 CWE: CWE-400

Medium

CVE-2024-21636

view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 and 2.83.0 have a cross-site scripting vulnerability that has…

CVSS: 6.1 CWE: CWE-79

Critical

CVE-2023-51812

Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList.

CVSS: 9.8 CWE: CWE-77

Critical

CVE-2023-51154

Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php.

CVSS: 9.8 CWE: CWE-200

High

CVE-2023-6270

A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered…

CVSS: 7.0 CWE: CWE-416

Medium

CVE-2023-6551

As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of…

CVSS: 5.4 CWE: CWE-434

High

CVE-2024-21625

SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the applicat…

CVSS: 8.8 CWE: CWE-20

Critical

CVE-2023-50867

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and th…

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2023-50866

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and the…

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2023-50865

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they ar…

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2023-50864

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and the…

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2023-50863

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters receive…

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2023-50862

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and th…

CVSS: 9.8 CWE: CWE-89

High

CVE-2023-50760

Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Co…

CVSS: 8.8 CWE: CWE-434

Medium

CVE-2023-3726

OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting.

CVSS: 6.9 CWE: CWE-79

Critical

CVE-2023-50753

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/update_profile.php resource does not validate the characters re…

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2023-50752

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they…

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2023-50743

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received…

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2023-49666

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmer_details' parameter of the submit_material_list.php resource does not validate the character…

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2023-49665

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters rec…

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2023-49658

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bank_details' parameter of the party_submit.php resource does not validate the characters received…

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2023-49639

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'customer_details' parameter of the buyer_invoice_submit.php resource does not validate the characte…

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2023-49633

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyer_address' parameter of the buyer_detail_submit.php resource does not validate the characters r…

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2023-49625

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partylist_edit_submit.php resource does not validate the characters received a…

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2023-49624

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cancelid' parameter of the material_bill.php resource does not validate the characters received and…

CVSS: 9.8 CWE: CWE-89

Critical

CVE-2023-49622

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'itemnameid' parameter of the material_bill.php?action=itemRelation resource does not validate the c…

CVSS: 9.8 CWE: CWE-89

Medium

CVE-2023-6992

Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validat…

CVSS: 4.0 CWE: CWE-20

High

CVE-2021-45465

A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in a write-what-…

CVSS: 7.8 CWE: CWE-123

High

CVE-2021-42028

CVSS: 7.8 CWE: CWE-787

High

CVE-2021-40367

A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing DICOM files. This could result in an out-of-b…

CVSS: 7.8 CWE: CWE-787

Medium

CVE-2023-7044

The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom ID in all versions up…

CVSS: 6.4 CWE: CWE-79

Medium

CVE-2023-6944

A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the…

CVSS: 5.7 CWE: CWE-209

Medium

CVE-2022-3864

A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker c…

CVSS: 4.5 CWE: CWE-347

High

CVE-2022-2081

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by se…

CVSS: 7.5 CWE: CWE-787

Medium

CVE-2023-50630

Cross Site Scripting (XSS) vulnerability in xiweicheng TMS v.2.28.0 allows a remote attacker to execute arbitrary code via a crafted script to the click here function.

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2023-41784

Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro

CVSS: 6.6 CWE: CWE-269

Medium

CVE-2023-52322

ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.

CVSS: 6.1 CWE: CWE-79

Medium

CVE-2023-29962

S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability.

CVSS: 6.5 CWE: CWE-22

Medium

CVE-2023-6738

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayer_header_code', 'pagelayer_body_open_code', and 'pagelay…

CVSS: 5.4 CWE: CWE-79

Medium

CVE-2023-6733

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible…

CVSS: 6.5 CWE: CWE-862

Medium

CVE-2023-6498

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 6.5.5 due to insufficient input sanit…

CVSS: 4.4 CWE: CWE-79

High

CVE-2024-0225

Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416

High

CVE-2024-0224

Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-416

High

CVE-2024-0223

Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS: 8.8 CWE: CWE-787

High

CVE-2024-0222

Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Ch…

CVSS: 8.8 CWE: CWE-416

Low

CVE-2024-20805

Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary f…

CVSS: 3.3 CWE: CWE-22