Export limit exceeded: 337656 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337656 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43338 | 2024-11-19 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more allows Cross Site Request Forgery.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.1.2. | ||||
| CVE-2024-52583 | 2024-11-19 | 8.2 High | ||
| The WesHacks GitHub repository provides the official Hackathon competition website source code for the Muweilah Wesgreen Hackathon. The page `schedule.html` before 17 November 2024 or commit 93dfb83 contains links to `Leostop`, a site that hosts a malicious injected JavaScript file that occurs when bootstrap is run as well as jquery. `Leostop` may be a tracking malware and creates 2 JavaScript files, but little else is known about it. The WesHacks website remove all references to `Leostop` as of 17 November 2024. | ||||
| CVE-2024-51637 | 2024-11-19 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Scott E. Royalty Admin SMS Alert allows Stored XSS.This issue affects Admin SMS Alert: from n/a through 1.1.0. | ||||
| CVE-2024-51051 | 1 Avscms | 1 Avscms | 2024-11-19 | 9.8 Critical |
| AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account. | ||||
| CVE-2024-50548 | 2024-11-19 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abdullah Nahian Awesome Progress Bar allows DOM-Based XSS.This issue affects Awesome Progress Bar: from n/a through 1.0.1. | ||||
| CVE-2024-33231 | 2024-11-19 | 6.1 Medium | ||
| Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component. | ||||
| CVE-2024-52344 | 2024-11-19 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Muhammad Junaid Provide Forex Signals allows Stored XSS.This issue affects Provide Forex Signals: from n/a through 1.0. | ||||
| CVE-2024-10486 | 1 Automattic | 1 Woocommerce | 2024-11-19 | 5.3 Medium |
| The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks. | ||||
| CVE-2024-11194 | 1 Techlabpro1 | 1 Classified Listing Plugin | 2024-11-19 | 8.8 High |
| The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and including, 3.1.15.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited arbitrary options on the WordPress site. This can be leveraged to update the Subscriber role with Administrator-level capabilities to gain administrative user access to a vulnerable site. The vulnerability is limited in that the option updated must have a value that is an array. | ||||
| CVE-2024-10204 | 1 Dassault | 1 Edrawings | 2024-11-19 | 7.8 High |
| Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in the X_B and SAT file reading procedure in eDrawings from Release SOLIDWORKS 2024 through Release SOLIDWORKS 2025. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted X_B or SAT file. | ||||
| CVE-2024-51686 | 2024-11-19 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Deepak Khokhar, Surender Khokhar Manage User Columns allows Cross Site Request Forgery.This issue affects Manage User Columns: from n/a through 1.0.5. | ||||
| CVE-2024-51648 | 2024-11-19 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Hands, Inc e-shops allows Reflected XSS.This issue affects e-shops: from n/a through 1.0.3. | ||||
| CVE-2024-50543 | 2024-11-19 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amazing Team amazing neo icon font for elementor allows DOM-Based XSS.This issue affects amazing neo icon font for elementor: from n/a through 2.0.1. | ||||
| CVE-2024-52390 | 2024-11-19 | 4.9 Medium | ||
| : Path Traversal: '.../...//' vulnerability in CYAN Backup allows Path Traversal.This issue affects CYAN Backup: from n/a through 2.5.3. | ||||
| CVE-2024-52347 | 2024-11-19 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP website creator Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera allows Stored XSS.This issue affects Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera: from n/a through 4.0. | ||||
| CVE-2024-51939 | 2024-11-19 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Santhosh veer Stylish Internal Links allows DOM-Based XSS.This issue affects Stylish Internal Links: from n/a through 1.9. | ||||
| CVE-2024-52421 | 2024-11-19 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Popup Window Maker allows Stored XSS.This issue affects WP Popup Window Maker: from n/a through 2.0. | ||||
| CVE-2024-52402 | 1 Cliconomics | 1 Exclusive Content Password Protect | 2024-11-19 | 9.6 Critical |
| Cross-Site Request Forgery (CSRF) vulnerability in Cliconomics Exclusive Content Password Protect allows Upload a Web Shell to a Web Server.This issue affects Exclusive Content Password Protect: from n/a through 1.1.0. | ||||
| CVE-2024-52420 | 2024-11-19 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Disable Admin Notices individually allows Cross Site Request Forgery.This issue affects Disable Admin Notices individually: from n/a through 1.3.5. | ||||
| CVE-2022-47424 | 2024-11-19 | 5.4 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1. | ||||