Total
256564 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6390 | 2024-02-03 | N/A | 8.8 HIGH | ||
| The WordPress Users WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | |||||
| CVE-2023-7089 | 2024-02-03 | N/A | 5.4 MEDIUM | ||
| The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | |||||
| CVE-2023-7074 | 2024-02-03 | N/A | 8.8 HIGH | ||
| The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | |||||
| CVE-2023-6946 | 2024-02-03 | N/A | 8.8 HIGH | ||
| The Autotitle for WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | |||||
| CVE-2023-7199 | 2024-02-03 | N/A | 5.3 MEDIUM | ||
| The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request | |||||
| CVE-2024-22143 | 2024-02-03 | N/A | 8.8 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check.This issue affects WP Spell Check: from n/a through 9.17. | |||||
| CVE-2024-22285 | 2024-02-03 | N/A | 8.8 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Elise Bosse Frontpage Manager.This issue affects Frontpage Manager: from n/a through 1.3. | |||||
| CVE-2024-22291 | 2024-02-03 | N/A | 8.8 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Browser Theme Color.This issue affects Browser Theme Color: from n/a through 1.3. | |||||
| CVE-2024-22304 | 2024-02-03 | N/A | 8.8 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Borbis Media FreshMail For WordPress.This issue affects FreshMail For WordPress: from n/a through 2.3.2. | |||||
| CVE-2024-0589 | 2024-02-03 | N/A | 5.4 MEDIUM | ||
| Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry. | |||||
| CVE-2024-22140 | 2024-02-03 | N/A | 8.8 HIGH | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro.This issue affects Profile Builder Pro: from n/a through 3.10.0. | |||||
| CVE-2023-6391 | 2024-02-02 | N/A | 8.8 HIGH | ||
| The Custom User CSS WordPress plugin through 0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | |||||
| CVE-2023-6530 | 2024-02-02 | N/A | 5.4 MEDIUM | ||
| The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2024-22862 | 2024-02-02 | N/A | 9.8 CRITICAL | ||
| Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser. | |||||
| CVE-2024-22861 | 2024-02-02 | N/A | 7.5 HIGH | ||
| Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module. | |||||
| CVE-2024-22860 | 2024-02-02 | N/A | 9.8 CRITICAL | ||
| Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. | |||||
| CVE-2024-24140 | 2024-02-02 | N/A | 7.2 HIGH | ||
| Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.' | |||||
| CVE-2024-24136 | 2024-02-02 | N/A | 6.1 MEDIUM | ||
| The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks. | |||||
| CVE-2024-22570 | 2024-02-02 | N/A | 5.4 MEDIUM | ||
| A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2007-1923 | 2 Dws Systems Inc., Ledgersmb | 2 Sql-ledger, Ledgersmb | 2024-02-02 | 7.5 HIGH | N/A |
| (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. | |||||