Total
253942 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-6389 | 2024-02-03 | N/A | 6.1 MEDIUM | ||
The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | |||||
CVE-2024-21750 | 2024-02-03 | N/A | 6.1 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scribit Shortcodes Finder allows Reflected XSS. This issue affects Shortcodes Finder: from n/a through 1.5.5. | |||||
CVE-2024-24062 | 2024-02-03 | N/A | 5.4 MEDIUM | ||
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role. | |||||
CVE-2024-24061 | 2024-02-03 | N/A | 5.4 MEDIUM | ||
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add. | |||||
CVE-2024-24060 | 2024-02-03 | N/A | 5.4 MEDIUM | ||
springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user. | |||||
CVE-2024-24059 | 2024-02-03 | N/A | 5.4 MEDIUM | ||
springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files. | |||||
CVE-2023-52188 | 2024-02-03 | N/A | 5.4 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Footer Putter allows Stored XSS. This issue affects Footer Putter: from n/a through 1.17. | |||||
CVE-2023-52189 | 2024-02-03 | N/A | 5.4 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jhayghost Ideal Interactive Map allows Stored XSS. This issue affects Ideal Interactive Map: from n/a through 1.2.4. | |||||
CVE-2024-22148 | 2024-02-03 | N/A | 6.1 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Smart Editor JoomUnited allows Reflected XSS. This issue affects JoomUnited: from n/a through 1.3.3. | |||||
CVE-2024-22430 | 2024-02-03 | N/A | 5.5 MEDIUM | ||
Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contain an incorrect default permissions vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability, leading to denial of service. | |||||
CVE-2024-22938 | 2024-02-03 | N/A | 7.8 HIGH | ||
Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component. | |||||
CVE-2024-22449 | 2024-02-03 | N/A | 7.8 HIGH | ||
Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contain a missing authentication for critical function vulnerability. A low-privileged local malicious user could potentially exploit this vulnerability to gain elevated access. | |||||
CVE-2023-51840 | 2024-02-03 | N/A | 9.8 CRITICAL | ||
DoraCMS 2.1.8 is vulnerable to Use of Hard-coded Cryptographic Key. | |||||
CVE-2024-22648 | 2024-02-03 | N/A | 5.3 MEDIUM | ||
A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment. | |||||
CVE-2024-22647 | 2024-02-03 | N/A | 5.3 MEDIUM | ||
A user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames. | |||||
CVE-2024-22646 | 2024-02-03 | N/A | 5.3 MEDIUM | ||
An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system. | |||||
CVE-2024-22643 | 2024-02-03 | N/A | 6.5 MEDIUM | ||
A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets. | |||||
CVE-2023-6390 | 2024-02-03 | N/A | 8.8 HIGH | ||
The WordPress Users WordPress plugin through 1.4 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | |||||
CVE-2023-7089 | 2024-02-03 | N/A | 5.4 MEDIUM | ||
The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | |||||
CVE-2023-7074 | 2024-02-03 | N/A | 8.8 HIGH | ||
The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. |