Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-1511 | The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various endpoints. The vulnerability can be exploited even when the service is bound to localhost, through cross-site requests facilitated by malicious HTML/JS pages. Published: April 10, 2024; 1:15:51 PM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-3566 | A command injection vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied. Published: April 10, 2024; 12:15:16 PM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31874 | IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318. Published: April 10, 2024; 12:15:15 PM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31873 | IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317. Published: April 10, 2024; 12:15:15 PM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31872 | IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316. Published: April 10, 2024; 12:15:15 PM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31871 | IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306. Published: April 10, 2024; 12:15:15 PM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31358 | Missing Authorization vulnerability in Saleswonder.Biz 5 Stars Rating Funnel. This issue affects 5 Stars Rating Funnel: from n/a through 1.2.67. Published: April 10, 2024; 12:15:14 PM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31353 | Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8. Published: April 10, 2024; 12:15:14 PM -0400 | V3.1: 5.3 MEDIUM V2.0: (not available) |
CVE-2024-31302 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email. This issue affects Contact Form Email: from n/a through 1.3.44. Published: April 10, 2024; 12:15:14 PM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31298 | Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover. This issue affects User Spam Remover: from n/a through 1.0. Published: April 10, 2024; 12:15:14 PM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31297 | Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce. This issue affects Wholesale For WooCommerce: from n/a through 2.3.0. Published: April 10, 2024; 12:15:14 PM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31287 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Max Foundry Media Library Folders. This issue affects Media Library Folders: from n/a through 8.1.8. Published: April 10, 2024; 12:15:13 PM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31282 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Appcheap.Io App Builder. This issue affects App Builder: from n/a through 3.8.7. Published: April 10, 2024; 12:15:13 PM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31278 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons for Elementor. This issue affects Premium Addons for Elementor: from n/a through 4.10.22. Published: April 10, 2024; 12:15:13 PM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31259 | Insertion of Sensitive Information into Log File vulnerability in Searchiq SearchIQ. This issue affects SearchIQ: from n/a through 4.5. Published: April 10, 2024; 12:15:13 PM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31254 | Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration. This issue affects WordPress Backup & Migration: from n/a through 1.4.7. Published: April 10, 2024; 12:15:13 PM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31253 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP OAuth Server OAuth Server. This issue affects OAuth Server: from n/a through 4.3.3. Published: April 10, 2024; 12:15:12 PM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31249 | Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded. This issue affects Subscribe To Comments Reloaded: from n/a through 220725. Published: April 10, 2024; 12:15:12 PM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31247 | Insertion of Sensitive Information into Log File vulnerability in Frédéric GILLES FG Drupal to WordPress. This issue affects FG Drupal to WordPress: from n/a through 3.70.3. Published: April 10, 2024; 12:15:12 PM -0400 | V3.x: (not available) V2.0: (not available) |
CVE-2024-31245 | Insertion of Sensitive Information into Log File vulnerability in ConvertKit. This issue affects ConvertKit: from n/a through 2.4.5. Published: April 10, 2024; 12:15:12 PM -0400 | V3.x: (not available) V2.0: (not available) |