
Search Results

Search Parameters:
There are 229,178 matching records.
Displaying matches 321 through 340.
Vuln ID Summary CVSS Severity
CVE-2023-25364

Opswat Metadefender Core before 5.2.1 does not properly defend against potential HTML injection and XSS attacks.

Published: March 27, 2024; 3:15:47 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-28335

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is running on the same machine as the "lektor server" command.

Published: March 27, 2024; 2:15:19 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-25926

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IndiaNIC Widgets Controller allows Reflected XSS. This issue affects Widgets Controller: from n/a through 1.1.

Published: March 27, 2024; 2:15:18 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-25920

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS. This issue affects WP SMS: from n/a through 6.3.4.

Published: March 27, 2024; 2:15:18 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-24842

Deserialization of Untrusted Data vulnerability in Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance. This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through 11.30.2.

Published: March 27, 2024; 2:15:17 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-24800

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AdTribes.Io Product Feed PRO for WooCommerce allows Reflected XSS. This issue affects Product Feed PRO for WooCommerce: from n/a through 13.2.5.

Published: March 27, 2024; 2:15:16 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-24700

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Rojas WP Editor allows Reflected XSS. This issue affects WP Editor: from n/a through 1.2.8.

Published: March 27, 2024; 2:15:16 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-22311

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N Squared Simply Schedule Appointments allows Reflected XSS. This issue affects Simply Schedule Appointments: from n/a through 1.6.6.20.

Published: March 27, 2024; 2:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-22300

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Email Subscribers & Newsletters allows Reflected XSS. This issue affects Email Subscribers & Newsletters: from n/a through 5.7.11.

Published: March 27, 2024; 2:15:14 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-22299

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Reflected XSS. This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212.

Published: March 27, 2024; 2:15:14 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-22288

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Reflected XSS. This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.4.0.

Published: March 27, 2024; 2:15:13 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-22149

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann CformsII allows Stored XSS. This issue affects CformsII: from n/a through 15.0.5.

Published: March 27, 2024; 2:15:12 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-52228

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS. This issue affects Beds24 Online Booking: from n/a through 2.0.24.

Published: March 27, 2024; 2:15:11 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-49815

Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress. This issue affects WappPress: from n/a through 5.0.3.

Published: March 27, 2024; 2:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-46052

Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file.

Published: March 27, 2024; 2:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-46051

TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem.

Published: March 27, 2024; 2:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-46049

LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the llvm-lto application should be categorized as a usability problem.

Published: March 27, 2024; 2:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-39306

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Fusion Builder allows Reflected XSS. This issue affects Fusion Builder: from n/a through 3.11.1.

Published: March 27, 2024; 2:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-31854

std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is disputed because it should be categorized as a usability problem.

Published: March 27, 2024; 2:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-31634

In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations. At that time, the default username and password can be used to enter the Grafana management console without logging in, a related issue to CVE-2022-23126.

Published: March 27, 2024; 2:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)