Search Results

There are 229,272 matching records.
Displaying matches 421 through 440.
Vuln ID | Summary | CVSS Severity
CVE-2024-24700

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Rojas WP Editor allows Reflected XSS. This issue affects WP Editor: from n/a through 1.2.8.

Published: March 27, 2024; 2:15:16 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-22311

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N Squared Simply Schedule Appointments allows Reflected XSS. This issue affects Simply Schedule Appointments: from n/a through 1.6.6.20.

Published: March 27, 2024; 2:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-22300

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Email Subscribers & Newsletters allows Reflected XSS. This issue affects Email Subscribers & Newsletters: from n/a through 5.7.11.

Published: March 27, 2024; 2:15:14 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-22299

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Reflected XSS. This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212.

Published: March 27, 2024; 2:15:14 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-22288

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Reflected XSS. This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.4.0.

Published: March 27, 2024; 2:15:13 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-22149

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann CformsII allows Stored XSS. This issue affects CformsII: from n/a through 15.0.5.

Published: March 27, 2024; 2:15:12 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-52228

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS. This issue affects Beds24 Online Booking: from n/a through 2.0.24.

Published: March 27, 2024; 2:15:11 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-49815

Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress. This issue affects WappPress: from n/a through 5.0.3.

Published: March 27, 2024; 2:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-46052

Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file.

Published: March 27, 2024; 2:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-46051

TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem.

Published: March 27, 2024; 2:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-46049

LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the llvm-lto application should be categorized as a usability problem.

Published: March 27, 2024; 2:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-39306

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder allows Reflected XSS. This issue affects Fusion Builder: from n/a through 3.11.1.

Published: March 27, 2024; 2:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-31854

std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is disputed because it should be categorized as a usability problem.

Published: March 27, 2024; 2:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-31634

In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations. At that time, the default username and password can be used to enter the Grafana management console without logging in, a related issue to CVE-2022-23126.

Published: March 27, 2024; 2:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-29134

An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. There is mishandling of backticks to smartSplit.

Published: March 27, 2024; 2:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-46048

TeX Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdir/writet1.c. NOTE: this is disputed because it should be categorized as a usability problem.

Published: March 27, 2024; 1:15:47 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-46047

An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file.

Published: March 27, 2024; 1:15:47 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-46046

An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of attacker-controlled .mzn files.

Published: March 27, 2024; 1:15:47 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-45935

Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server.

Published: March 27, 2024; 1:15:47 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-45925

GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function x_error_handler() at tty/x11conn.c. NOTE: this is disputed because it should be categorized as a usability problem (an X operation silently fails).

Published: March 27, 2024; 1:15:47 AM -0400
V3.x:(not available)
V2.0:(not available)