U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 229,149 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2024-29765

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alireza Sedghi Aparat for WordPress allows Stored XSS.This issue affects Aparat for WordPress: from n/a through 2.2.0.

Published: March 27, 2024; 10:15:12 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29764

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molongui allows Stored XSS.This issue affects Molongui: from n/a through 4.7.7.

Published: March 27, 2024; 10:15:12 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29763

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Reflected XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.

Published: March 27, 2024; 10:15:11 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29762

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) allows Stored XSS.This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through 0.5.8.1.

Published: March 27, 2024; 10:15:11 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29761

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Krunal Prajapati WP Post Disclaimer allows Stored XSS.This issue affects WP Post Disclaimer: from n/a through 1.0.3.

Published: March 27, 2024; 10:15:11 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29760

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster for WooCommerce allows Reflected XSS.This issue affects Booster for WooCommerce: from n/a through 7.1.7.

Published: March 27, 2024; 10:15:11 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29759

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54.

Published: March 27, 2024; 10:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29758

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kienso Co-marquage service-public.Fr allows Reflected XSS.This issue affects Co-marquage service-public.Fr: from n/a through 0.5.72.

Published: March 27, 2024; 10:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-28853

Ampache is a web based audio/video streaming application and file manager. Stored Cross Site Scripting (XSS) vulnerability in ampache before v6.3.1 allows a remote attacker to execute code via a crafted payload to serval parameters in the post request of /preferences.php?action=admin_update_preferences. This vulnerability is fixed in 6.3.1.

Published: March 27, 2024; 10:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-28852

Ampache is a web based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilities,this means that all forms in the Ampache that use `rule` as a variable are not secure. For example, when querying a song, when querying a podcast, we need to use `$rule` variable. This vulnerability is fixed in 6.3.1

Published: March 27, 2024; 10:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-26652

In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), Callback function pdsc_auxbus_dev_release calls kfree(padev) to free memory. We shouldn't call kfree(padev) again in the error handling path. Fix this by cleaning up the redundant kfree() and putting the error handling back to where the errors happened.

Published: March 27, 2024; 10:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-26651

In the Linux kernel, the following vulnerability has been resolved: sr9800: Add check for usbnet_get_endpoints Add check for usbnet_get_endpoints() and return the error if it fails in order to transfer the error.

Published: March 27, 2024; 10:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-23515

Cross-Site Request Forgery (CSRF) vulnerability in Cincopa Post Video Players.This issue affects Post Video Players: from n/a through 1.159.

Published: March 27, 2024; 10:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-23510

Cross-Site Request Forgery (CSRF) vulnerability in Martyn Chamberlin Don't Muck My Markup.This issue affects Don't Muck My Markup: from n/a through 1.8.

Published: March 27, 2024; 10:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-44999

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.0.

Published: March 27, 2024; 10:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-39311

Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.

Published: March 27, 2024; 10:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-34020

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3.

Published: March 27, 2024; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2022-45847

Cross-Site Request Forgery (CSRF) vulnerability in WPAssist.Me WordPress Countdown Widget allows Cross-Site Scripting (XSS).This issue affects WordPress Countdown Widget: from n/a through 3.1.9.1.

Published: March 27, 2024; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29812

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Stored XSS.This issue affects ReviewX: from n/a through 1.6.22.

Published: March 27, 2024; 9:15:53 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29811

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftLab Radio Player allows Stored XSS.This issue affects Radio Player: from n/a through 2.0.73.

Published: March 27, 2024; 9:15:53 AM -0400
V3.x:(not available)
V2.0:(not available)