Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-29883 | CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the `(createwiki)` user right regardless of the settings one sets on a given wiki request. This may expose information to users who are not supposed to be able to access it. Published: March 26, 2024; 10:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-29881 | TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. An SVG image could be loaded through an `object` or `embed` element and that image could potentially contain an XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0. Published: March 26, 2024; 10:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-29684 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code. Published: March 26, 2024; 10:15:09 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-29203 | TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1. Published: March 26, 2024; 10:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-1455 | The XMLOutputParser in LangChain uses the etree module from the XML parser in the standard Python library, which has some XML vulnerabilities (see https://docs.python.org/3/library/xml.html). This primarily affects users that combine an LLM (or agent) with the `XMLOutputParser` and expose the component via an endpoint on a web-service. This would allow a malicious party to attempt to manipulate the LLM to produce a malicious payload for the parser that would compromise the availability of the service. A successful attack is predicated on: 1. Usage of XMLOutputParser 2. Passing of malicious input into the XMLOutputParser either directly or by trying to manipulate an LLM to do so on the user's behalf 3. Exposing the component via a web-service. Published: March 26, 2024; 10:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-47150 | IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602. Published: March 26, 2024; 10:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-33855 | Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676. Published: March 26, 2024; 10:15:07 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-30235 | Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin – MPG. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0. Published: March 26, 2024; 9:15:46 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-30234 | Missing Authorization vulnerability in Wholesale Team WholesaleX. This issue affects WholesaleX: from n/a through 1.3.1. Published: March 26, 2024; 9:15:45 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-30233 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wholesale Team WholesaleX. This issue affects WholesaleX: from n/a through 1.3.1. Published: March 26, 2024; 9:15:45 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2906 | Missing Authorization vulnerability in SoftLab Radio Player. This issue affects Radio Player: from n/a through 2.0.73. Published: March 26, 2024; 9:15:45 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-22156 | Missing Authorization vulnerability in SNP Digital SalesKing. This issue affects SalesKing: from n/a through 1.6.15. Published: March 26, 2024; 9:15:45 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-1933 | Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior to version 15.52 for macOS allows an attacker with unprivileged access to potentially elevate privileges or conduct a denial-of-service attack by overwriting the symlink. Published: March 26, 2024; 9:15:45 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-52214 | Missing Authorization vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder. This issue affects Void Contact Form 7 Widget For Elementor Page Builder: from n/a through 2.3. Published: March 26, 2024; 9:15:44 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-30232 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.6.9. Published: March 26, 2024; 8:15:50 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-30231 | Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce. This issue affects Product Import Export for WooCommerce: from n/a through 2.4.1. Published: March 26, 2024; 8:15:50 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-29644 | Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box. Published: March 26, 2024; 8:15:50 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28093 | The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account. Published: March 26, 2024; 8:15:50 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-24799 | Missing Authorization vulnerability in WooCommerce WooCommerce Box Office. This issue affects WooCommerce Box Office: from n/a through 1.2.2. Published: March 26, 2024; 8:15:50 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-24719 | Missing Authorization vulnerability in Uriahs Victor Location Picker at Checkout for WooCommerce. This issue affects Location Picker at Checkout for WooCommerce: from n/a through 1.8.9. Published: March 26, 2024; 8:15:49 AM -0400 | V3.x:(not available) V2.0:(not available) |