Export limit exceeded: 336559 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336559 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49263 | 2024-10-18 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Takashi Matsuyama My Favorites allows Stored XSS.This issue affects My Favorites: from n/a through 1.4.1. | ||||
| CVE-2024-49262 | 2024-10-18 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wepic Country Flags for Elementor allows Stored XSS.This issue affects Country Flags for Elementor: from n/a through 1.0.1. | ||||
| CVE-2024-49248 | 2024-10-18 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Igor Funa Ad Inserter allows Reflected XSS.This issue affects Ad Inserter: from n/a through 2.7.37. | ||||
| CVE-2024-48047 | 2024-10-18 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Razon Komar Pal Linked Variation for WooCommerce allows Cross Site Request Forgery.This issue affects Linked Variation for WooCommerce: from n/a through 1.0.5. | ||||
| CVE-2024-48025 | 2024-10-18 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DOGROW.NET Simple Baseball Scoreboard allows Stored XSS.This issue affects Simple Baseball Scoreboard: from n/a through 1.3. | ||||
| CVE-2024-48037 | 2024-10-18 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through 1.4.2. | ||||
| CVE-2024-8920 | 1 Vladolaru | 1 Fonto Custom Web Fonts Manager | 2024-10-18 | 6.4 Medium |
| The Fonto – Custom Web Fonts Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
| CVE-2024-49319 | 2024-10-18 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in B.M. Rafiul Alam Awesome Contact Form7 for Elementor allows Stored XSS.This issue affects Awesome Contact Form7 for Elementor: from n/a through 3.0. | ||||
| CVE-2024-49305 | 1 Wpfactory | 1 Customer Email Verification For Woocommerce | 2024-10-18 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Email Verification for WooCommerce allows SQL Injection.This issue affects Email Verification for WooCommerce: from n/a through 2.8.10. | ||||
| CVE-2024-49291 | 1 Boxystudio | 1 Cooked | 2024-10-18 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This issue affects Cooked Pro: from n/a before 1.8.0. | ||||
| CVE-2024-49287 | 1 Marco Heine | 1 Pdf-rechnungsverwaltung | 2024-10-18 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Marco Heine PDF-Rechnungsverwaltung allows PHP Local File Inclusion.This issue affects PDF-Rechnungsverwaltung: from n/a through 0.0.1. | ||||
| CVE-2024-49235 | 1 Videowhisper | 1 Contact Forms Live Support Crm Video Messages Plugin | 2024-10-18 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in VideoWhisper.Com Contact Forms, Live Support, CRM, Video Messages allows Retrieve Embedded Sensitive Data.This issue affects Contact Forms, Live Support, CRM, Video Messages: from n/a through 1.10.2. | ||||
| CVE-2024-48043 | 1 Shortpixel | 1 Shortpixel Image Optimizer | 2024-10-18 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ShortPixel ShortPixel Image Optimizer allows Blind SQL Injection.This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3. | ||||
| CVE-2024-43997 | 2024-10-18 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in easy.Jobs EasyJobs allows Reflected XSS.This issue affects EasyJobs: from n/a through 2.4.14. | ||||
| CVE-2024-9414 | 2024-10-18 | N/A | ||
| In LAquis SCADA version 4.7.1.511, a cross-site scripting vulnerability could allow an attacker to inject arbitrary code into a web page. This could allow an attacker to steal cookies, redirect users, or perform unauthorized actions. | ||||
| CVE-2024-48920 | 1 Putongoj | 1 Putongoj | 2024-10-18 | 9.1 Critical |
| PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensitive data and system integrity. This problem has been fixed in v2.1.0.beta.1. As a workaround, one may apply the patch from commit `211dfe9` manually. | ||||
| CVE-2024-9471 | 1 Paloaltonetworks | 1 Pan-os | 2024-10-18 | 4.7 Medium |
| A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with "Virtual system administrator (read-only)" access could use an XML API key of a "Virtual system administrator" to perform write operations on the virtual system configuration even though they should be limited to read-only operations. | ||||
| CVE-2024-9470 | 1 Paloaltonetworks | 1 Cortex Xsoar | 2024-10-18 | N/A |
| A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data. | ||||
| CVE-2024-9469 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2024-10-18 | 5.5 Medium |
| A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity. | ||||
| CVE-2024-9467 | 1 Paloaltonetworks | 1 Expedition | 2024-10-18 | 6.1 Medium |
| A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft. | ||||