U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 229,215 matching records.
Displaying matches 221 through 240.
Vuln ID Summary CVSS Severity
CVE-2024-30238

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.2.

Published: March 27, 2024; 10:15:13 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2979

A vulnerability classified as critical was found in Tenda F1203 2.0.1.6. This vulnerability affects the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: March 27, 2024; 10:15:13 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2978

A vulnerability classified as critical has been found in Tenda F1203 2.0.1.6. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258147. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: March 27, 2024; 10:15:13 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2977

A vulnerability was found in Tenda F1203 2.0.1.6. It has been rated as critical. Affected by this issue is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258146 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: March 27, 2024; 10:15:13 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2976

A vulnerability was found in Tenda F1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258145 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: March 27, 2024; 10:15:12 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29773

Cross-Site Request Forgery (CSRF) vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint allows Cross-Site Scripting (XSS).This issue affects BizPrint: from n/a through 4.5.5.

Published: March 27, 2024; 10:15:12 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29765

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alireza Sedghi Aparat for WordPress allows Stored XSS.This issue affects Aparat for WordPress: from n/a through 2.2.0.

Published: March 27, 2024; 10:15:12 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29764

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui allows Stored XSS.This issue affects Molongui: from n/a through 4.7.7.

Published: March 27, 2024; 10:15:12 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29763

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Reflected XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.

Published: March 27, 2024; 10:15:11 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29762

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) allows Stored XSS.This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through 0.5.8.1.

Published: March 27, 2024; 10:15:11 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29761

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Krunal Prajapati WP Post Disclaimer allows Stored XSS.This issue affects WP Post Disclaimer: from n/a through 1.0.3.

Published: March 27, 2024; 10:15:11 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29760

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster for WooCommerce allows Reflected XSS.This issue affects Booster for WooCommerce: from n/a through 7.1.7.

Published: March 27, 2024; 10:15:11 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29759

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54.

Published: March 27, 2024; 10:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29758

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Reflected XSS.This issue affects Co-marquage service-public.Fr: from n/a through 0.5.72.

Published: March 27, 2024; 10:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-28853

Ampache is a web based audio/video streaming application and file manager. Stored Cross Site Scripting (XSS) vulnerability in ampache before v6.3.1 allows a remote attacker to execute code via a crafted payload to serval parameters in the post request of /preferences.php?action=admin_update_preferences. This vulnerability is fixed in 6.3.1.

Published: March 27, 2024; 10:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-28852

Ampache is a web based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilities,this means that all forms in the Ampache that use `rule` as a variable are not secure. For example, when querying a song, when querying a podcast, we need to use `$rule` variable. This vulnerability is fixed in 6.3.1

Published: March 27, 2024; 10:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-26652

In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), Callback function pdsc_auxbus_dev_release calls kfree(padev) to free memory. We shouldn't call kfree(padev) again in the error handling path. Fix this by cleaning up the redundant kfree() and putting the error handling back to where the errors happened.

Published: March 27, 2024; 10:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-26651

In the Linux kernel, the following vulnerability has been resolved: sr9800: Add check for usbnet_get_endpoints Add check for usbnet_get_endpoints() and return the error if it fails in order to transfer the error.

Published: March 27, 2024; 10:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-23515

Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video Players.This issue affects Post Video Players: from n/a through 1.159.

Published: March 27, 2024; 10:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-23510

Cross-Site Request Forgery (CSRF) vulnerability in Martyn Chamberlin Don't Muck My Markup.This issue affects Don't Muck My Markup: from n/a through 1.8.

Published: March 27, 2024; 10:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)