U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 229,215 matching records.
Displaying matches 541 through 560.
Vuln ID Summary CVSS Severity
CVE-2024-29883

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the `(createwiki)` user right regardless of the settings one sets on a given wiki request. This may expose information to users who are not supposed to be able to access it.

Published: March 26, 2024; 10:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29881

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.

Published: March 26, 2024; 10:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29684

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code.

Published: March 26, 2024; 10:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29203

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1.

Published: March 26, 2024; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-1455

The XMLOutputParser in LangChain uses the etree module from the XML parser in the standard python library which has some XML vulnerabilities; see: https://docs.python.org/3/library/xml.html This primarily affects users that combine an LLM (or agent) with the `XMLOutputParser` and expose the component via an endpoint on a web-service. This would allow a malicious party to attempt to manipulate the LLM to produce a malicious payload for the parser that would compromise the availability of the service. A successful attack is predicated on: 1. Usage of XMLOutputParser 2. Passing of malicious input into the XMLOutputParser either directly or by trying to manipulate an LLM to do so on the users behalf 3. Exposing the component via a web-service

Published: March 26, 2024; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-47150

IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602.

Published: March 26, 2024; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-33855

Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676.

Published: March 26, 2024; 10:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30235

Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin – MPG.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0.

Published: March 26, 2024; 9:15:46 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30234

Missing Authorization vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1.

Published: March 26, 2024; 9:15:45 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30233

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.1.

Published: March 26, 2024; 9:15:45 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2906

Missing Authorization vulnerability in SoftLab Radio Player.This issue affects Radio Player: from n/a through 2.0.73.

Published: March 26, 2024; 9:15:45 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-22156

Missing Authorization vulnerability in SNP Digital SalesKing.This issue affects SalesKing: from n/a through 1.6.15.

Published: March 26, 2024; 9:15:45 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-1933

Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior Version 15.52 for macOS allows an attacker with unprivileged access, to potentially elevate privileges or conduct a denial-of-service-attack by overwriting the symlink.

Published: March 26, 2024; 9:15:45 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-52214

Missing Authorization vulnerability in voidCoders Void Contact Form 7 Widget For Elementor Page Builder.This issue affects Void Contact Form 7 Widget For Elementor Page Builder: from n/a through 2.3.

Published: March 26, 2024; 9:15:44 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30232

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.

Published: March 26, 2024; 8:15:50 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30231

Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.4.1.

Published: March 26, 2024; 8:15:50 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29644

Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box.

Published: March 26, 2024; 8:15:50 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-28093

The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account.

Published: March 26, 2024; 8:15:50 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-24799

Missing Authorization vulnerability in WooCommerce WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.2.2.

Published: March 26, 2024; 8:15:50 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-24719

Missing Authorization vulnerability in Uriahs Victor Location Picker at Checkout for WooCommerce.This issue affects Location Picker at Checkout for WooCommerce: from n/a through 1.8.9.

Published: March 26, 2024; 8:15:49 AM -0400
V3.x:(not available)
V2.0:(not available)