U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 232,554 matching records.
Displaying matches 1,261 through 1,280.
Vuln ID Summary CVSS Severity
CVE-2024-31272

Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1.

Published: April 12, 2024; 9:15:17 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31271

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Ultimate Maps by Supsystic.This issue affects Ultimate Maps by Supsystic: from n/a through 1.2.16.

Published: April 12, 2024; 9:15:17 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31269

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps.This issue affects Easy Google Maps: from n/a through 1.11.11.

Published: April 12, 2024; 9:15:17 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31268

Cross-Site Request Forgery (CSRF) vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0.

Published: April 12, 2024; 9:15:17 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31265

Cross-Site Request Forgery (CSRF) vulnerability in SumoMe Sumo.This issue affects Sumo: from n/a through 1.34.

Published: April 12, 2024; 9:15:17 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31264

Unauthenticated Cross Site Request Forgery (CSRF) in Post Views Counter <= 1.4.4 versions.

Published: April 12, 2024; 9:15:16 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31263

Cross-Site Request Forgery (CSRF) vulnerability in aerin Loan Repayment Calculator and Application Form.This issue affects Loan Repayment Calculator and Application Form: from n/a through 2.9.4.

Published: April 12, 2024; 9:15:16 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31262

Cross-Site Request Forgery (CSRF) vulnerability in Jcodex WooCommerce Checkout Field Editor (Checkout Manager).This issue affects WooCommerce Checkout Field Editor (Checkout Manager): from n/a through 2.1.8.

Published: April 12, 2024; 9:15:16 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31251

Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.3.1.1.

Published: April 12, 2024; 9:15:16 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31250

Cross-Site Request Forgery (CSRF) vulnerability in Saumya Majumder WP Server Health Stats.This issue affects WP Server Health Stats: from n/a through 1.7.3.

Published: April 12, 2024; 9:15:16 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31239

Cross-Site Request Forgery (CSRF) vulnerability in Nudgify Nudgify Social Proof, Sales Popup & FOMO.This issue affects Nudgify Social Proof, Sales Popup & FOMO: from n/a through 1.3.3.

Published: April 12, 2024; 9:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31238

Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover.This issue affects Smart Online Order for Clover: from n/a through 1.5.5.

Published: April 12, 2024; 9:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-31235

Cross-Site Request Forgery (CSRF) vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.5.

Published: April 12, 2024; 9:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-28718

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component.

Published: April 12, 2024; 9:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27261

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.2 could allow a privileged user to install a potentially dangerous tar file, which could give them access to subsequent systems where the package was installed. IBM X-Force ID: 283986.

Published: April 12, 2024; 9:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-25545

An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to execute arbitrary code via a crafted script to the nwjs framework component.

Published: April 12, 2024; 9:15:15 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-47714

IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271531.

Published: April 12, 2024; 9:15:14 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2022-40211

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP allows Stored XSS.This issue affects GiveWP: from n/a through 2.25.1.

Published: April 12, 2024; 9:15:14 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-8006

The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The ocpp1.5 and pwrstudio binaries on the charging station do not use a number of common exploitation mitigations. In particular, there are no stack canaries and they do not use the Position Independent Executable (PIE) format.

Published: April 12, 2024; 8:15:41 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-3211

The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to SQL Injection via the 'productid' attribute of the ec_addtocart shortcode in all versions up to, and including, 5.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Published: April 12, 2024; 6:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)