Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-24700 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Rojas WP Editor allows Reflected XSS.This issue affects WP Editor: from n/a through 1.2.8. Published: March 27, 2024; 2:15:16 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-22311 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N Squared Simply Schedule Appointments allows Reflected XSS.This issue affects Simply Schedule Appointments: from n/a through 1.6.6.20. Published: March 27, 2024; 2:15:15 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-22300 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Email Subscribers & Newsletters allows Reflected XSS.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.11. Published: March 27, 2024; 2:15:14 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-22299 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Reflected XSS.This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212. Published: March 27, 2024; 2:15:14 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-22288 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Reflected XSS.This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.4.0. Published: March 27, 2024; 2:15:13 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-22149 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann CformsII allows Stored XSS.This issue affects CformsII: from n/a through 15.0.5. Published: March 27, 2024; 2:15:12 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-52228 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS.This issue affects Beds24 Online Booking: from n/a through 2.0.24. Published: March 27, 2024; 2:15:11 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-49815 |
Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.This issue affects WappPress: from n/a through 5.0.3. Published: March 27, 2024; 2:15:10 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-46052 |
Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file. Published: March 27, 2024; 2:15:10 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-46051 |
TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem. Published: March 27, 2024; 2:15:10 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-46049 |
LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the llvm-lto application should be categorized as a usability problem. Published: March 27, 2024; 2:15:10 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-39306 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder allows Reflected XSS.This issue affects Fusion Builder: from n/a through 3.11.1. Published: March 27, 2024; 2:15:09 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-31854 |
std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is disputed because it should be categorized as a usability problem. Published: March 27, 2024; 2:15:09 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-31634 |
In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations. At that time, the default username and password can be used to enter the Grafana management console without logging in, a related issue to CVE-2022-23126. Published: March 27, 2024; 2:15:08 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-29134 |
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. There is mishandling of backticks to smartSplit. Published: March 27, 2024; 2:15:08 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-46048 |
Tex Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdir/writet1.c. NOTE: this is disputed because it should be categorized as a usability problem. Published: March 27, 2024; 1:15:47 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-46047 |
An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file. Published: March 27, 2024; 1:15:47 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-46046 |
An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of atttacker-controlled .mzn files. Published: March 27, 2024; 1:15:47 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-45935 |
Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server. Published: March 27, 2024; 1:15:47 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-45925 |
GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function x_error_handler() at tty/x11conn.c. NOTE: this is disputed because it should be categorized as a usability problem (an X operation silently fails). Published: March 27, 2024; 1:15:47 AM -0400 |
V3.x:(not available) V2.0:(not available) |