Total
92959 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10226 | 1 Tychesoftwares | 1 Arconix Shortcodes | 2024-10-31 | N/A | 5.4 MEDIUM |
| The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-9505 | 1 Fastlinemedia | 1 Beaver Builder | 2024-10-31 | N/A | 5.4 MEDIUM |
| The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2022-30360 | 1 Ovaledge | 1 Ovaledge | 2024-10-31 | N/A | 6.4 MEDIUM |
| OvalEdge 5.2.8.0 and earlier is affected by multiple Stored XSS (AKA Persistent or Type II) vulnerabilities via a POST request to /profile/updateProfile via the slackid or phone parameters. Authentication is required. | |||||
| CVE-2022-30359 | 1 Ovaledge | 1 Ovaledge | 2024-10-31 | N/A | 4.3 MEDIUM |
| OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email address, role(s), user type, license type, and personal details such as first name, last name, gender, and user preferences. | |||||
| CVE-2022-30361 | 1 Ovaledge | 1 Ovaledge | 2024-10-31 | N/A | 5.3 MEDIUM |
| OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserType. No authentication is required. The information disclosed is associated with the registered user ID, status, email address, role(s), user type, license type, and personal details such as first name, last name, gender, and user preferences. | |||||
| CVE-2024-49632 | 1 Coralwebdesign | 1 Cwd 3d Image Gallery | 2024-10-31 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Coral Web Design CWD 3D Image Gallery allows Reflected XSS.This issue affects CWD 3D Image Gallery: from n/a through 1.0. | |||||
| CVE-2022-30356 | 1 Ovaledge | 1 Ovaledge | 2024-10-31 | N/A | 4.7 MEDIUM |
| OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters . Authentication is required with OE_ADMIN role privilege. | |||||
| CVE-2024-49634 | 1 Rimonhabib | 1 Bp Member Type Manager | 2024-10-31 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rimon Habib BP Member Type Manager allows Reflected XSS.This issue affects BP Member Type Manager: from n/a through 1.01. | |||||
| CVE-2024-8143 | 1 Gaizhenbiao | 1 Chuanhuchatgpt | 2024-10-31 | N/A | 4.3 MEDIUM |
| In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint, an authenticated user can enumerate and access files in other users' directories, leading to unauthorized access to private chat histories. This vulnerability can be exploited to read any user's private chat history. | |||||
| CVE-2024-49641 | 1 Tidaweb | 1 Tida Url Screenshot | 2024-10-31 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tidaweb Tida URL Screenshot allows Reflected XSS.This issue affects Tida URL Screenshot: from n/a through 1.0. | |||||
| CVE-2024-49640 | 1 Amadercodelab | 1 Acl Floating Cart For Woocommerce | 2024-10-31 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AmaderCode Lab ACL Floating Cart for WooCommerce allows Reflected XSS.This issue affects ACL Floating Cart for WooCommerce: from n/a through 0.9. | |||||
| CVE-2024-49639 | 1 Edwardstoever | 1 Monitor.chat | 2024-10-31 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Edward Stoever Monitor.Chat allows Reflected XSS.This issue affects Monitor.Chat: from n/a through 1.1.1. | |||||
| CVE-2024-49638 | 1 Aliazlan | 1 Risk Warning Bar | 2024-10-31 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali Azlan Risk Warning Bar allows Reflected XSS.This issue affects Risk Warning Bar: from n/a through 1.0. | |||||
| CVE-2024-48227 | 1 Funadmin | 1 Funadmin | 2024-10-31 | N/A | 4.9 MEDIUM |
| Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS). | |||||
| CVE-2024-48225 | 1 Funadmin | 1 Funadmin | 2024-10-31 | N/A | 6.5 MEDIUM |
| Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile. | |||||
| CVE-2023-31310 | 2024-10-31 | N/A | 5.0 MEDIUM | ||
| Improper input validation in Power Management Firmware (PMFW) may allow an attacker with privileges to send a malformed input for the "set temperature input selection" command, potentially resulting in a loss of integrity and/or availability. | |||||
| CVE-2024-48224 | 1 Funadmin | 1 Funadmin | 2024-10-31 | N/A | 4.9 MEDIUM |
| Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile. | |||||
| CVE-2024-49635 | 1 Manzurulhaque | 1 Banner Slider | 2024-10-31 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Manzurul Haque Banner Slider allows Reflected XSS.This issue affects Banner Slider: from n/a through 2.1. | |||||
| CVE-2023-50355 | 1 Hcltech | 1 Sametime | 2024-10-31 | N/A | 5.3 MEDIUM |
| HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack. | |||||
| CVE-2024-49980 | 1 Linux | 1 Linux Kernel | 2024-10-31 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: vrf: revert "vrf: Remove unnecessary RCU-bh critical section" This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853. dev_queue_xmit_nit is expected to be called with BH disabled. __dev_queue_xmit has the following: /* Disable soft irqs for various locks below. Also * stops preemption for RCU. */ rcu_read_lock_bh(); VRF must follow this invariant. The referenced commit removed this protection. Which triggered a lockdep warning: ================================ WARNING: inconsistent lock state 6.11.0 #1 Tainted: G W -------------------------------- inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage. btserver/134819 [HC0[0]:SC0[0]:HE1:SE1] takes: ffff8882da30c118 (rlock-AF_PACKET){+.?.}-{2:2}, at: tpacket_rcv+0x863/0x3b30 {IN-SOFTIRQ-W} state was registered at: lock_acquire+0x19a/0x4f0 _raw_spin_lock+0x27/0x40 packet_rcv+0xa33/0x1320 __netif_receive_skb_core.constprop.0+0xcb0/0x3a90 __netif_receive_skb_list_core+0x2c9/0x890 netif_receive_skb_list_internal+0x610/0xcc0 [...] other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(rlock-AF_PACKET); <Interrupt> lock(rlock-AF_PACKET); *** DEADLOCK *** Call Trace: <TASK> dump_stack_lvl+0x73/0xa0 mark_lock+0x102e/0x16b0 __lock_acquire+0x9ae/0x6170 lock_acquire+0x19a/0x4f0 _raw_spin_lock+0x27/0x40 tpacket_rcv+0x863/0x3b30 dev_queue_xmit_nit+0x709/0xa40 vrf_finish_direct+0x26e/0x340 [vrf] vrf_l3_out+0x5f4/0xe80 [vrf] __ip_local_out+0x51e/0x7a0 [...] | |||||