Export limit exceeded: 333954 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (333954 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38775 | 2024-08-02 | 7.2 High | ||
| Improper Privilege Management vulnerability in WebAppick CTX Feed allows Privilege Escalation.This issue affects CTX Feed: from n/a through 6.5.6. | ||||
| CVE-2024-1715 | 2024-08-02 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-34802. Reason: This candidate is a duplicate of CVE-2024-34802. Notes: All CVE users should reference CVE-2024-34802 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2024-39634 | 1 Ideabox | 1 Powerpack Pro For Elementor | 2024-08-02 | 8.8 High |
| Improper Privilege Management vulnerability in IdeaBox PowerPack Pro for Elementor allows Privilege Escalation.This issue affects PowerPack Pro for Elementor: from n/a through 2.10.14. | ||||
| CVE-2024-39660 | 2024-08-02 | 5.9 Medium | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jordy Meow Photo Engine allows Stored XSS.This issue affects Photo Engine: from n/a through 6.3.1. | ||||
| CVE-2024-38746 | 2024-08-02 | 7.1 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in MakeStories Team MakeStories (for Google Web Stories) allows Path Traversal, Server Side Request Forgery.This issue affects MakeStories (for Google Web Stories): from n/a through 3.0.3. | ||||
| CVE-2024-41956 | 1 Charmbracelet | 1 Soft-serve | 2024-08-02 | 8.1 High |
| Soft Serve is a self-hostable Git server for the command line. Prior to 0.7.5, it is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git. The issue is that Soft Serve passes all environment variables given by the client to git subprocesses. This includes environment variables that control program execution, such as LD_PRELOAD. This vulnerability is fixed in 0.7.5. | ||||
| CVE-2023-52209 | 1 Wpforms | 1 Wpforms User Registration | 2024-08-02 | 8 High |
| Improper Privilege Management vulnerability in WPForms, LLC. WPForms User Registration allows Privilege Escalation.This issue affects WPForms User Registration: from n/a through 2.1.0. | ||||
| CVE-2024-39656 | 2024-08-02 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Uncanny Owl Tin Canny Reporting for LearnDash allows Reflected XSS.This issue affects Tin Canny Reporting for LearnDash: from n/a through 4.3.0.7. | ||||
| CVE-2024-39652 | 2024-08-02 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPWeb Elite WooCommerce PDF Vouchers allows Reflected XSS.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.5. | ||||
| CVE-2024-25948 | 1 Dell | 1 Emc Idrac Service Module | 2024-08-02 | 4.8 Medium |
| Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | ||||
| CVE-2024-25947 | 1 Dell | 1 Emc Idrac Service Module | 2024-08-02 | 4.8 Medium |
| Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | ||||
| CVE-2024-38489 | 1 Dell | 1 Emc Idrac Service Module | 2024-08-02 | 3.1 Low |
| Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event. | ||||
| CVE-2024-38490 | 1 Dell | 1 Emc Idrac Service Module | 2024-08-02 | 5.8 Medium |
| Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | ||||
| CVE-2024-38481 | 1 Dell | 1 Emc Idrac Service Module | 2024-08-02 | 4.8 Medium |
| Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | ||||
| CVE-2024-38772 | 1 Crocoblock | 1 Jetwidgets For Elementor | 2024-08-02 | 6.5 Medium |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetWidgets for Elementor and WooCommerce allows PHP Local File Inclusion.This issue affects JetWidgets for Elementor and WooCommerce: from n/a through 1.1.7. | ||||
| CVE-2024-39318 | 2024-08-01 | 5.4 Medium | ||
| The Ibexa Admin UI Bundle contains all the necessary parts to run the Ibexa DXP Back Office interface. The file upload widget is vulnerable to XSS payloads in filenames. Access permission to upload files is required. As such, in most cases only authenticated editors and administrators will have the required permission. It is not persistent, i.e. the payload is only executed during the upload. In effect, an attacker will have to trick an editor/administrator into uploading a strangely named file. | ||||
| CVE-2024-7135 | 2024-08-01 | 6.5 Medium | ||
| The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_file' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2024-7331 | 1 Totolink | 2 A3300r, A3300r Firmware | 2024-08-01 | 8.8 High |
| A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as critical. Affected by this issue is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273254 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7358 | 1 Getscreen | 1 Getscreen | 2024-08-01 | 7.8 High |
| A vulnerability was found in Point B Ltd Getscreen Agent 2.19.6 on Windows. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file getscreen.msi of the component Installation. The manipulation leads to creation of temporary file with insecure permissions. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-273337 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but was not able to provide a technical response in time. | ||||
| CVE-2024-6695 | 1 Cozmoslabs | 1 Profile Builder | 2024-08-01 | 9.8 Critical |
| it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process. | ||||