Export limit exceeded: 334989 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 334989 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334989 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6835 | 1 Ivorysearch | 1 Ivory Search | 2024-09-11 | 5.3 Medium |
| The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the boolean-based attack on the AJAX search form | ||||
| CVE-2024-7627 | 1 Bitapps | 1 File Manager | 2024-09-11 | 8.1 High |
| The Bit File Manager plugin for WordPress is vulnerable to Remote Code Execution in versions 6.0 to 6.5.5 via the 'checkSyntax' function. This is due to writing a temporary file to a publicly accessible directory before performing file validation. This makes it possible for unauthenticated attackers to execute code on the server if an administrator has allowed Guest User read permissions. | ||||
| CVE-2024-39808 | 2024-09-11 | 4.6 Medium | ||
| Incorrect Calculation of Buffer Size (CWE-131) in the Controller 6000 and Controller 7000 OSDP message handling, allows an attacker with physical access to Controller wiring to instigate a reboot leading to a denial of service. This issue affects: Controller 6000 and Controller 7000 9.10 prior to vCR9.10.240816a (distributed in 9.10.1530 (MR2)), 9.00 prior to vCR9.00.240816a (distributed in 9.00.2168 (MR4)), 8.90 prior to vCR8.90.240816a (distributed in 8.90.2155 (MR5)), 8.80 prior to vCR8.80.240816b (distributed in 8.80.1938 (MR6)), all versions of 8.70 and prior. | ||||
| CVE-2024-24972 | 1 Gallagher | 2 Controller 6000, Controller 7000 | 2024-09-11 | 6.5 Medium |
| Buffer Copy without Checking Size of Input (CWE-120) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authorised and authenticated operator to reboot the Controller, causing a Denial of Service. Gallagher recommend the diagnostic web page is not enabled (default is off) unless advised by Gallagher Technical support. This interface is intended only for diagnostic purposes. This issue affects: Controller 6000 and Controller 7000 9.10 prior to vCR9.10.240816a (distributed in 9.10.1530 (MR2)), 9.00 prior to vCR9.00.240816a (distributed in 9.00.2168 (MR4)), 8.90 prior to vCR8.90.240816a (distributed in 8.90.2155 (MR5)), 8.80 prior to vCR8.80.240816b (distributed in 8.80.1938 (MR6)), all versions of 8.70 and prior. | ||||
| CVE-2024-23906 | 1 Gallagher | 2 Controller 6000, Controller 7000 | 2024-09-11 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation (CWE-79) in the Controller 6000 and Controller 7000 diagnostic webpage allows an attacker to modify Controller configuration during an authenticated Operator's session. This issue affects: Controller 6000 and Controller 7000 9.10 prior to vCR9.10.240816a (distributed in 9.10.1530 (MR2)), 9.00 prior to vCR9.00.240816a (distributed in 9.00.2168 (MR4)), 8.90 prior to vCR8.90.240816a (distributed in 8.90.2155 (MR5)), 8.80 prior to vCR8.80.240816b (distributed in 8.80.1938 (MR6)), all versions of 8.70 and prior. | ||||
| CVE-2024-44844 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-09-11 | 8 High |
| DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function. | ||||
| CVE-2024-44845 | 1 Draytek | 2 Vigor3900, Vigor3900 Firmware | 2024-09-11 | 8 High |
| DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function. | ||||
| CVE-2024-6852 | 2 Ngothang, Thangnv27 | 2 Wp Multitasking, Wp Multitasking | 2024-09-11 | 6.5 Medium |
| The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-6853 | 2 Ngothang, Thangnv27 | 2 Wp Multitasking, Wp Multitasking | 2024-09-11 | 6.5 Medium |
| The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating welcome popups, which could allow attackers to make logged admins perform such action via a CSRF attack | ||||
| CVE-2024-6855 | 2 Ngothang, Thangnv27 | 2 Wp Multitasking, Wp Multitasking | 2024-09-11 | 6.5 Medium |
| The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating exit popups, which could allow attackers to make logged admins perform such action via a CSRF attack | ||||
| CVE-2024-6856 | 2 Ngothang, Thangnv27 | 2 Wp Multitasking, Wp Multitasking | 2024-09-11 | 6.5 Medium |
| The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | ||||
| CVE-2024-6859 | 2 Ngothang, Thangnv27 | 2 Wp Multitasking, Wp Multitasking | 2024-09-11 | 5.4 Medium |
| The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2024-6924 | 1 Themetechmount | 2 Truebooker, Truebooker-appointment-booking | 2024-09-11 | 9.8 Critical |
| The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | ||||
| CVE-2024-6925 | 1 Themetechmount | 2 Truebooker, Truebooker-appointment-booking | 2024-09-11 | 4.3 Medium |
| The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | ||||
| CVE-2024-8570 | 2 Angeljudesuarez, Itsourcecode | 2 Tailoring Management System, Tailoring Management System | 2024-09-11 | 6.3 Medium |
| A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /inccatadd.php. The manipulation of the argument title leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8571 | 1 Erjemin | 1 Roll Cms | 2024-09-11 | 3.5 Low |
| A vulnerability was found in erjemin roll_cms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9. It has been classified as problematic. This affects an unknown part of the file roll_cms/roll_cms/views.py. The manipulation leads to information exposure through error message. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | ||||
| CVE-2024-8572 | 1 Gouniverse | 1 Golang Cms | 2024-09-11 | 3.5 Low |
| A vulnerability was found in Gouniverse GoLang CMS 1.4.0. It has been declared as problematic. This vulnerability affects the function PageRenderHtmlByAlias of the file FrontendHandler.go. The manipulation of the argument alias leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.4.1 is able to address this issue. The patch is identified as 3e661cdfb4beeb9fe2ad507cdb8104c0b17d072c. It is recommended to upgrade the affected component. | ||||
| CVE-2024-42341 | 1 Loway | 1 Queuemetrics | 2024-09-11 | 6.1 Medium |
| Loway - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | ||||
| CVE-2024-42342 | 1 Loway | 1 Queuemetrics | 2024-09-11 | 4.3 Medium |
| Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') | ||||
| CVE-2024-42343 | 1 Loway | 1 Queuemetrics | 2024-09-11 | 5.3 Medium |
| Loway - CWE-204: Observable Response Discrepancy | ||||