Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-3661 |
By design, the DHCP protocol does not authenticate messages, including for example the classless static route option (121). An attacker with the ability to send DHCP messages can manipulate routes to redirect VPN traffic, allowing the attacker to read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. Many, if not most VPN systems based on IP routing are susceptible to such attacks. Published: May 06, 2024; 3:15:11 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34412 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Parcel Panel ParcelPanel.This issue affects ParcelPanel: from n/a through 3.8.1. Published: May 06, 2024; 3:15:10 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34390 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Stored XSS.This issue affects Post Grid Master: from n/a through 3.4.8. Published: May 06, 2024; 3:15:10 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34389 |
Missing Authorization vulnerability in AF themes WP Post Author.This issue affects WP Post Author: from n/a through 3.6.4. Published: May 06, 2024; 3:15:10 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34387 |
Missing Authorization vulnerability in AF themes WP Post Author.This issue affects WP Post Author: from n/a through 3.6.4. Published: May 06, 2024; 3:15:10 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34386 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through 6.4.3.1. Published: May 06, 2024; 3:15:10 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34381 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PropertyHive allows Stored XSS.This issue affects PropertyHive: from n/a through 2.0.10. Published: May 06, 2024; 3:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34380 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through 1.2.0. Published: May 06, 2024; 3:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34379 |
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Restaurant and Cafe.This issue affects Restaurant and Cafe: from n/a through 1.2.1. Published: May 06, 2024; 3:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34378 |
Missing Authorization vulnerability in LeadConnector.This issue affects LeadConnector: from n/a through 1.7. Published: May 06, 2024; 3:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34377 |
Missing Authorization vulnerability in A WP Life Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery.This issue affects Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery: from n/a through 1.5.3. Published: May 06, 2024; 3:15:09 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34376 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Freesia Edge allows Stored XSS.This issue affects Edge: from n/a through 2.0.9. Published: May 06, 2024; 3:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34375 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPPOOL Sheets To WP Table Live Sync allows Stored XSS.This issue affects Sheets To WP Table Live Sync: from n/a through 3.7.0. Published: May 06, 2024; 3:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34374 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 5.8.0. Published: May 06, 2024; 3:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34373 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.4.2. Published: May 06, 2024; 3:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34372 |
Missing Authorization vulnerability in AddonMaster Post Grid Master.This issue affects Post Grid Master: from n/a through 3.4.7. Published: May 06, 2024; 3:15:08 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34371 |
Missing Authorization vulnerability in Hamid Alinia – idehweb Login with phone number.This issue affects Login with phone number: from n/a through 1.7.18. Published: May 06, 2024; 3:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34369 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webpushr Web Push Notifications Webpushr allows Reflected XSS.This issue affects Webpushr: from n/a through 4.35.0. Published: May 06, 2024; 3:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34368 |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mooberry Dreams Mooberry Book Manager.This issue affects Mooberry Book Manager: from n/a through 4.15.12. Published: May 06, 2024; 3:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-34367 |
Cross-Site Request Forgery (CSRF) vulnerability in Popup Box Team Popup box allows Cross-Site Scripting (XSS).This issue affects Popup box: from n/a through 4.1.2. Published: May 06, 2024; 3:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |