Export limit exceeded: 334497 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334497 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7651 | 1 Appcheap | 1 App Builder | 2024-08-31 | 5.6 Medium |
| The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to limited SQL Injection via the ‘app-builder-search’ parameter in all versions up to, and including, 4.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-7032 | 1 Zaytech | 1 Smart Online Order For Clover | 2024-08-31 | 6.5 Medium |
| The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to deactivate the plugin and drop all plugin tables from the database. | ||||
| CVE-2024-7030 | 1 Zaytech | 1 Smart Online Order For Clover | 2024-08-31 | 4.3 Medium |
| The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update product and category descriptions, category titles and images, and sort order. | ||||
| CVE-2024-42939 | 1 Yzncms | 1 Yzncms | 2024-08-31 | 4.6 Medium |
| A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field. | ||||
| CVE-2022-4538 | 2024-08-30 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2022-4528 | 2024-08-30 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2022-4412 | 2024-08-30 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2024-42379 | 2024-08-30 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2022-4540 | 2024-08-30 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2022-4530 | 2024-08-30 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2022-4424 | 2024-08-30 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2024-42337 | 1 Cyberark | 1 Identity | 2024-08-30 | 4.3 Medium |
| CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2024-42338 | 1 Cyberark | 1 Identity | 2024-08-30 | 4.3 Medium |
| CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2024-42340 | 1 Cyberark | 1 Identity | 2024-08-30 | 8.3 High |
| CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security | ||||
| CVE-2024-42339 | 1 Cyberark | 1 Identity | 2024-08-30 | 4.3 Medium |
| CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2024-38869 | 1 Zohocorp | 4 Manageengine Endpoint Central, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2024-08-30 | 8.3 High |
| Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25. | ||||
| CVE-2024-41889 | 1 Pimax | 2 Pitool, Play | 2024-08-30 | 8.8 High |
| Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker. | ||||
| CVE-2024-6118 | 1 Hamastar | 1 Meetinghub Paperless Meetings | 2024-08-30 | 9.1 Critical |
| A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to the product via an XML file. | ||||
| CVE-2024-6117 | 1 Hamastar | 1 Meetinghub Paperless Meetings | 2024-08-30 | 8.8 High |
| A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file. | ||||
| CVE-2024-45232 | 2 In2code, Typo3 | 2 Powermail, Typo3 | 2024-08-30 | 7.3 High |
| An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated attacker can use this to display the user-submitted data of all forms persisted by the extension. This can only be exploited when the extension is configured to save submitted form data to the database (plugin.tx_powermail.settings.db.enable=1), which however is the default setting of the extension. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0 | ||||