Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-2936 | The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: March 29, 2024; 2:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2844 | The Easy Appointments plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the ajax_cancel_appointment() function in all versions up to, and including, 3.11.18. This makes it possible for unauthenticated attackers to cancel other users' orders. Published: March 29, 2024; 2:15:08 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2842 | The Easy Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ea_full_calendar' shortcode in all versions up to, and including, 3.11.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: March 29, 2024; 2:15:07 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28960 | An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory. Published: March 29, 2024; 2:15:07 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-3077 | A malicious BLE device can crash a BLE victim device by sending a malformed GATT packet. Published: March 29, 2024; 1:15:46 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2841 | The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping on user supplied attributes such as 'id'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: March 29, 2024; 1:15:46 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2475 | The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: March 29, 2024; 1:15:46 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-1729 | The password check condition is vulnerable to a timing attack to guess the password. Published: March 29, 2024; 1:15:45 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-29489 | Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type. Published: March 28, 2024; 7:15:46 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-29316 | NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via "isadmin":true. Published: March 28, 2024; 7:15:46 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28714 | SQL Injection vulnerability in CRMEB_Java e-commerce system v.1.3.4 allows an attacker to execute arbitrary code via the groupid parameter. Published: March 28, 2024; 7:15:46 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28456 | Cross Site Scripting vulnerability in Campcodes Online Marriage Registration System v.1.0 allows a remote attacker to execute arbitrary code via the text fields in the marriage registration request form. Published: March 28, 2024; 7:15:46 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-24407 | SQL Injection vulnerability in Best Courier management system v.1.0 allows a remote attacker to obtain sensitive information via print_pdets.php component. Published: March 28, 2024; 7:15:46 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-50969 | Thales Imperva SecureSphere WAF 14.7.0.40 allows remote attackers to bypass WAF rules via a crafted POST request, a different vulnerability than CVE-2021-45468. Published: March 28, 2024; 7:15:46 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-33528 | halo v1.6.0 is vulnerable to Cross Site Scripting (XSS). Published: March 28, 2024; 7:15:46 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2021-31156 | Allied Telesis AT-S115 1.2.0 devices before 1.00.024 with Boot Loader 1.00.006 allow Directory Traversal to achieve partial access to data. Published: March 28, 2024; 7:15:45 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-25341 | A Directory Traversal vulnerability in ladle dev server 2.5.1 and earlier allows an attacker on the same network to read files accessible to the user via GET requests. Published: March 28, 2024; 6:15:09 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-23727 | The YI Smart Kami Vision com.kamivision.yismart application through 1.0.0_20231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component. Published: March 28, 2024; 5:16:01 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28091 | Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User Defined Service in managed_services_add.asp (the victim must click an X for a deletion). Published: March 28, 2024; 4:15:07 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28090 | Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User name in dyn_dns.asp. Published: March 28, 2024; 4:15:07 PM -0400 | V3.x:(not available) V2.0:(not available) |