Total
299227 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-9540 | 1 Sinaextra | 1 Sina Extension For Elementor | 2024-10-30 | N/A | 4.3 MEDIUM |
The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-modal-box.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data. | |||||
CVE-2017-20193 | 1 Woo | 1 Product Vendors | 2024-10-30 | N/A | 6.1 MEDIUM |
The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendor_description' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
CVE-2024-47171 | 1 Agnai | 1 Agnai | 2024-10-30 | N/A | 4.3 MEDIUM |
Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload image files at attacker-chosen location on the server. This issue can lead to image file uploads to unauthorized or unintended directories, including overwriting of existing images which may be used for defacement. This does not affect `agnai.chat`, installations using S3-compatible storage, or self-hosting that is not publicly exposed. Version 1.0.330 fixes this vulnerability. | |||||
CVE-2024-46538 | 1 Netgate | 1 Pfsense | 2024-10-30 | N/A | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php. | |||||
CVE-2024-50616 | 2024-10-30 | N/A | 8.8 HIGH | ||
Ironman PowerShell Universal 5.x before 5.0.12 allows an authenticated attacker to elevate their privileges and view job information. | |||||
CVE-2024-50615 | 2024-10-30 | N/A | 6.5 MEDIUM | ||
TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/digit, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef. | |||||
CVE-2024-50614 | 2024-10-30 | N/A | 6.5 MEDIUM | ||
TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/16, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef. | |||||
CVE-2024-48396 | 2024-10-30 | N/A | 6.1 MEDIUM | ||
AIML Chatbot 1.0 (fixed in 2.0) is vulnerable to Cross Site Scripting (XSS). The vulnerability is exploited through the message input field, where attackers can inject malicious HTML or JavaScript code. The chatbot fails to sanitize these inputs, leading to the execution of malicious scripts. | |||||
CVE-2024-44459 | 1 Octavolabs | 1 Vernemq | 2024-10-30 | N/A | 7.5 HIGH |
A memory allocation issue in vernemq v2.0.1 allows attackers to cause a Denial of Service (DoS) via excessive memory consumption. | |||||
CVE-2024-42550 | 2024-10-30 | N/A | 5.4 MEDIUM | ||
A cross-site scripting (XSS) vulnerability in the component /email/welcome.php of Mini Inventory and Sales Management System commit 18aa3d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. | |||||
CVE-2024-31800 | 1 Gncchome | 2 Gncc C2, Gncc C2 Firmware | 2024-10-30 | N/A | 6.8 MEDIUM |
Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port. | |||||
CVE-2024-45714 | 1 Solarwinds | 1 Serv-u | 2024-10-30 | N/A | 4.1 MEDIUM |
Application is vulnerable to Cross Site Scripting (XSS) an authenticated attacker with users’ permissions can modify a variable with a payload. | |||||
CVE-2024-10128 | 1 Topdata | 1 Inner Rep Plus | 2024-10-30 | 3.3 LOW | 4.9 MEDIUM |
A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been rated as problematic. Affected by this issue is some unknown functionality of the file td.js.gz. The manipulation leads to risky cryptographic algorithm. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-49268 | 1 Sunburntkamel | 1 Disconnected | 2024-10-30 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sunburntkamel disconnected allows Reflected XSS.This issue affects disconnected: from n/a through 1.3.0. | |||||
CVE-2024-49265 | 1 Booking | 1 Banner Creator | 2024-10-30 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Partnerships at Booking.Com Booking.Com Banner Creator allows Stored XSS.This issue affects Booking.Com Banner Creator: from n/a through 1.4.6. | |||||
CVE-2024-10120 | 1 Riskengine | 1 Radar | 2024-10-30 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability has been found in wfh45678 Radar up to 1.0.8 and classified as critical. This vulnerability affects unknown code of the file /services/v1/common/upload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-50611 | 2024-10-30 | N/A | 7.2 HIGH | ||
CycloneDX cdxgen through 10.10.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation, rather than an implementation mistake. | |||||
CVE-2024-50610 | 2024-10-30 | N/A | 3.6 LOW | ||
GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs. | |||||
CVE-2024-49211 | 1 Archerirm | 1 Archer | 2024-10-30 | N/A | 6.1 MEDIUM |
Reflected XSS was discovered in a Dashboard Listing Archer Platform UX page in Archer Platform 6.x before version 2024.08. A remote unauthenticated attacker could potentially exploit this by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and executed by the web browser in the context of the vulnerable web application. | |||||
CVE-2024-49210 | 1 Archerirm | 1 Archer | 2024-10-30 | N/A | 6.1 MEDIUM |
Reflected XSS was discovered in an iView List Archer Platform UX page in Archer Platform 6.x before version 2024.09. A remote unauthenticated attacker could potentially exploit this by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and executed by the web browser in the context of the vulnerable web application. |