Export limit exceeded: 336589 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336589 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49257 | 1 Denis | 1 Azz Anonim Posting | 2024-10-16 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting allows Upload a Web Shell to a Web Server.This issue affects Azz Anonim Posting: from n/a through 0.9. | ||||
| CVE-2024-47645 | 1 Sajidjaved | 1 Top Bar-popups-by Wpoptin | 2024-10-16 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sajid Javed Top Bar – PopUps – by WPOptin allows PHP Local File Inclusion.This issue affects Top Bar – PopUps – by WPOptin: from n/a through 2.0.1. | ||||
| CVE-2024-22030 | 1 Suse | 1 Rancher | 2024-10-16 | 8 High |
| A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The targeted domain is the one used as the Rancher URL. | ||||
| CVE-2024-49260 | 1 Limb | 1 Limb Image Gallery | 2024-10-16 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7. | ||||
| CVE-2024-49258 | 2024-10-16 | 6.5 Medium | ||
| Path Traversal: '.../...//' vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7. | ||||
| CVE-2024-49254 | 1 Sunjianle | 1 Ajax Extend | 2024-10-16 | 10 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Sunjianle allows Code Injection.This issue affects ajax-extend: from n/a through 1.0. | ||||
| CVE-2024-49242 | 1 Shafiq | 1 Digital Library | 2024-10-16 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery allows Upload a Web Shell to a Web Server.This issue affects Digital Lottery: from n/a through 3.0.5. | ||||
| CVE-2024-49227 | 1 Innovawebspzoo | 1 Free Stock Photos Foter | 2024-10-16 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Innovaweb Sp. Z o.O. Free Stock Photos Foter allows Object Injection.This issue affects Free Stock Photos Foter: from n/a through 1.5.4. | ||||
| CVE-2024-49218 | 1 Recently Project | 1 Recently | 2024-10-16 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently allows Object Injection.This issue affects Recently: from n/a through 1.1. | ||||
| CVE-2024-49216 | 1 Joshua Clayton | 1 Feed Comments Number | 2024-10-16 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Clayton Feed Comments Number allows Upload a Web Shell to a Web Server.This issue affects Feed Comments Number: from n/a through 0.2.1. | ||||
| CVE-2024-48042 | 1 Supsystic | 1 Contact Form | 2024-10-16 | 9.1 Critical |
| Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Contact Form by Supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a through 1.7.28. | ||||
| CVE-2024-48034 | 1 Fliperr Team | 1 Creates 3d Flipbook Pdf Flipbook | 2024-10-16 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Fliperrr Team Creates 3D Flipbook, PDF Flipbook allows Upload a Web Shell to a Web Server.This issue affects Creates 3D Flipbook, PDF Flipbook: from n/a through 1.2. | ||||
| CVE-2024-48026 | 1 Grayson Robbins | 1 Disc Golf Manager | 2024-10-16 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Grayson Robbins Disc Golf Manager allows Object Injection.This issue affects Disc Golf Manager: from n/a through 1.0.0. | ||||
| CVE-2024-47649 | 1 Thatplugin | 1 Iconize | 2024-10-16 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in THATplugin Iconize.This issue affects Iconize: from n/a through 1.2.4. | ||||
| CVE-2024-47351 | 1 Thecssigniterteam | 1 Maxslider | 2024-10-16 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The CSSIgniter Team MaxSlider allows Path Traversal.This issue affects MaxSlider: from n/a through 1.2.3. | ||||
| CVE-2024-8040 | 2024-10-16 | 7.7 High | ||
| An authorization bypass through user-controlled key vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an authenticated attacker to access some unauthorized data. | ||||
| CVE-2024-22033 | 2024-10-16 | 6.3 Medium | ||
| The OBS service obs-service-download_url was vulnerable to a command injection vulnerability. The attacker could provide a configuration to the service that allowed to execute command in later steps | ||||
| CVE-2024-9652 | 2024-10-16 | 6.1 Medium | ||
| The Locatoraid Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST keys in all versions up to, and including, 3.9.47 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2020-36839 | 2024-10-16 | 8.3 High | ||
| The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform administrative actions, such as adding pages to the site and/or replacing site content with malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-47637 | 1 Litespeed Technologies | 1 Litespeed Cache | 2024-10-16 | 8.8 High |
| : Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Path Traversal.This issue affects LiteSpeed Cache: from n/a through 6.4.1. | ||||