Search Results (336617 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-42017 | | | 2024-10-29 | 10 Critical |
| An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows an attacker to execute arbitrary commands with system privilege on the endpoint hosting the application, without any authentication. | ||||
| CVE-2024-30124 | | | 2024-10-29 | 4 Medium |
| HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously. | ||||
| CVE-2024-50481 | 1 Stack Themes | 1 Bstone Demo Importer | 2024-10-29 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in Stack Themes Bstone Demo Importer allows Privilege Escalation. This issue affects Bstone Demo Importer: from n/a through 1.0.1. | ||||
| CVE-2024-50476 | 1 Grun Software Group | 1 Spendino Spendenformular | 2024-10-29 | 9.8 Critical |
| Missing Authorization vulnerability in GRÜN Software Group GmbH GRÜN spendino Spendenformular allows Privilege Escalation. This issue affects GRÜN spendino Spendenformular: from n/a through 1.0.1. | ||||
| CVE-2024-50475 | 1 Scott Gamon | 1 Signup Page | 2024-10-29 | 9.8 Critical |
| Missing Authorization vulnerability in Scott Gamon Signup Page allows Privilege Escalation. This issue affects Signup Page: from n/a through 1.0. | ||||
| CVE-2024-10189 | 1 Jesweb | 1 Anchor Episodes Index | 2024-10-29 | 6.4 Medium |
| The Anchor Episodes Index (Spotify for Podcasters) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's anchor_episodes shortcode in all versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-10185 | | | 2024-10-29 | 6.4 Medium |
| The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-youtube-embed shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-49321 | 1 Colorlib | 1 Simple Custom Post Order | 2024-10-29 | 4.3 Medium |
| Missing Authorization vulnerability in Colorlib Simple Custom Post Order allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Custom Post Order: from n/a through 2.5.7. | ||||
| CVE-2024-50482 | 1 Chetan Khandla | 1 Woocommerce Product Design | 2024-10-29 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design allows Upload a Web Shell to a Web Server. This issue affects Woocommerce Product Design: from n/a through 1.0.0. | ||||
| CVE-2024-50473 | 1 Ajar Productions | 1 Ajar In5 Embed | 2024-10-29 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed allows Upload a Web Shell to a Web Server. This issue affects Ajar in5 Embed: from n/a through 3.1.3. | ||||
| CVE-2024-50420 | 1 Adirectory | 1 Adirectory | 2024-10-29 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in adirectory aDirectory allows Upload a Web Shell to a Web Server. This issue affects aDirectory: from n/a through 1.3. | ||||
| CVE-2024-50490 | 1 Szabolcs Szecsenyi | 1 Pegapoll | 2024-10-29 | 9.8 Critical |
| Missing Authorization vulnerability in Szabolcs Szecsenyi PegaPoll allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects PegaPoll: from n/a through 1.0.2. | ||||
| CVE-2024-50485 | 1 Udit Rawat | 1 Exam Matrix | 2024-10-29 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix allows Privilege Escalation. This issue affects Exam Matrix: from n/a through 1.5. | ||||
| CVE-2024-50480 | 1 Azexo | 1 Marketing Automation By Azexo | 2024-10-29 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in azexo Marketing Automation by AZEXO allows Upload a Web Shell to a Web Server. This issue affects Marketing Automation by AZEXO: from n/a through 1.27.80. | ||||
| CVE-2024-50427 | 1 Devsoft Baltic | 1 Surveyjs | 2024-10-29 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Devsoft Baltic OÜ SurveyJS: Drag & Drop WordPress Form Builder. This issue affects SurveyJS: Drag & Drop WordPress Form Builder: from n/a through 1.9.136. | ||||
| CVE-2024-49293 | 1 Rextheme | 1 Wp Vr | 2024-10-29 | 4.3 Medium |
| Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP VR: from n/a through 8.5.4. | ||||
| CVE-2024-10436 | 1 Wpclever | 1 Wpc Smart Messages For Woocommerce | 2024-10-29 | 8.8 High |
| The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.1 via the get_condition_value function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2024-50550 | 1 Litespeed Technologies | 1 Litespeed Cache | 2024-10-29 | 8.1 High |
| Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Privilege Escalation. This issue affects LiteSpeed Cache: from n/a through 6.5.1. | ||||
| CVE-2024-9438 | | | 2024-10-29 | 6.1 Medium |
| The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'change_service' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-10048 | | | 2024-10-29 | 6.1 Medium |
| The Post Status Notifier Lite and Premium plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.11.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||