Search Results

There are 229,331 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2024-30624

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the urls parameter from saveParentControlInfo function.

Published: March 29, 2024; 9:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30623

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the page parameter from fromDhcpListClient function.

Published: March 29, 2024; 9:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30622

Tenda FH1205 v2.0.0.7(775) has a stack overflow vulnerability in the mitInterface parameter from fromAddressNat function.

Published: March 29, 2024; 9:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30613

Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function.

Published: March 29, 2024; 9:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30520

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Labib Ahmed Carousel Anything For WPBakery Page Builder allows Stored XSS. This issue affects Carousel Anything For WPBakery Page Builder: from n/a through 2.1.

Published: March 29, 2024; 9:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30519

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lordicon Lordicon Animated Icons allows Stored XSS. This issue affects Lordicon Animated Icons: from n/a through 2.0.1.

Published: March 29, 2024; 9:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30503

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EverPress Mailster allows Reflected XSS. This issue affects Mailster: from n/a through 4.0.6.

Published: March 29, 2024; 9:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30483

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simple Sponsorships Sponsors allows Stored XSS. This issue affects Sponsors: from n/a through 3.5.1.

Published: March 29, 2024; 9:15:14 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30458

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOOCS – WooCommerce Currency Switcher. This issue affects WOOCS – WooCommerce Currency Switcher: from n/a through 1.4.1.7.

Published: March 29, 2024; 9:15:14 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30457

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF). This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.1.

Published: March 29, 2024; 9:15:14 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30456

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WPCS. This issue affects WPCS: from n/a through 1.2.0.1.

Published: March 29, 2024; 9:15:14 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-23449

An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypted PDF files.

Published: March 29, 2024; 8:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-6191

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egehan Security WebPDKS allows SQL Injection. This issue affects WebPDKS: through 20240329. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: March 29, 2024; 8:15:07 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-6047

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Algoritim E-commerce Software allows Reflected XSS. This issue affects E-commerce Software: before 3.9.2.

Published: March 29, 2024; 8:15:07 AM -0400
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2024-2848

The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_footer_text_callback function in all versions up to, and including, 5.0.2. This makes it possible for unauthenticated attackers to inject arbitrary HTML content into the site's footer.

Published: March 29, 2024; 7:15:45 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-3061

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.5.2 via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

Published: March 29, 2024; 6:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-52629

In the Linux kernel, the following vulnerability has been resolved:

sh: push-switch: Reorder cleanup operations to avoid use-after-free bug

The original code puts flush_work() before timer_shutdown_sync() in switch_drv_remove(). Although we use flush_work() to stop the worker, it could be rescheduled in switch_timer(). As a result, a use-after-free bug can occur. The details are shown below:

      (cpu 0)                    |      (cpu 1)
switch_drv_remove()              |
 flush_work()                    |
  ...                            |  switch_timer // timer
                                 |   schedule_work(&psw->work)
 timer_shutdown_sync()           |
  ...                            |  switch_work_handler // worker
 kfree(psw) // free              |
                                 |   psw->state = 0 // use

This patch puts timer_shutdown_sync() before flush_work() to mitigate the bugs. As a result, the worker and timer will be stopped safely before the deallocate operations.

Published: March 29, 2024; 6:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2411

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

Published: March 29, 2024; 5:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2409

The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes it possible for unauthenticated attackers to register a user with administrator-level privileges when MasterStudy LMS Pro is installed and the LMS Forms Editor add-on is enabled.

Published: March 29, 2024; 5:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2250

The 130+ Widgets | Best Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Published: March 29, 2024; 4:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)