Search Results

There are 229,247 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2024-30242

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions Contact Form to Any API. This issue affects Contact Form to Any API: from n/a through 1.1.8.

Published: March 28, 2024; 1:15:52 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30241

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid. This issue affects ProfileGrid: from n/a through 5.7.1.

Published: March 28, 2024; 1:15:52 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30240

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typps Calendarista. This issue affects Calendarista: from n/a through 15.5.7.

Published: March 28, 2024; 1:15:52 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30239

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Campaigns. This issue affects Zoho Campaigns: from n/a through 2.0.6.

Published: March 28, 2024; 1:15:52 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30237

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Supsystic Slider by Supsystic. This issue affects Slider by Supsystic: from n/a through 1.8.10.

Published: March 28, 2024; 1:15:51 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30236

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery. This issue affects Contest Gallery: from n/a through 21.3.4.

Published: March 28, 2024; 1:15:51 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30230

Deserialization of Untrusted Data vulnerability in Acowebs PDF Invoices and Packing Slips For WooCommerce. This issue affects PDF Invoices and Packing Slips For WooCommerce: from n/a through 1.3.7.

Published: March 28, 2024; 1:15:51 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30229

Deserialization of Untrusted Data vulnerability in GiveWP. This issue affects GiveWP: from n/a through 3.4.2.

Published: March 28, 2024; 1:15:51 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30228

Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core. This issue affects Hercules Core: from n/a through 6.4.

Published: March 28, 2024; 1:15:51 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30227

Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller. This issue affects Geo Controller: from n/a through 8.6.4.

Published: March 28, 2024; 1:15:50 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30226

Deserialization of Untrusted Data vulnerability in WPDeveloper BetterDocs. This issue affects BetterDocs: from n/a through 3.3.3.

Published: March 28, 2024; 1:15:50 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30225

Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate. This issue affects WP Migrate: from n/a through 2.6.10.

Published: March 28, 2024; 1:15:50 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30224

Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX. This issue affects WholesaleX: from n/a through 1.3.2.

Published: March 28, 2024; 1:15:50 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30223

Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember. This issue affects ARMember: from n/a through 4.0.26.

Published: March 28, 2024; 1:15:50 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30222

Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember. This issue affects ARMember: from n/a through 4.0.26.

Published: March 28, 2024; 1:15:49 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-0677

The Pz-LinkCard WordPress plugin through 2.5.1 does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks.

Published: March 28, 2024; 1:15:49 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-0673

The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

Published: March 28, 2024; 1:15:49 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-0672

The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Published: March 28, 2024; 1:15:49 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2091

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.13.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Published: March 27, 2024; 11:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-3024

A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-258333 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: March 27, 2024; 10:15:11 PM -0400
V3.x:(not available)
V2.0:(not available)