Search Results (Refine Search)
- Results Type: Overview
- Search Type: Search Last 3 Months
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-20755 |
Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: March 18, 2024; 12:15:07 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2024-20752 |
Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: March 18, 2024; 12:15:07 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2024-1658 |
The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: March 18, 2024; 12:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1333 |
The Responsive Pricing Table WordPress plugin before 5.1.11 does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks Published: March 18, 2024; 12:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1331 |
The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks. Published: March 18, 2024; 12:15:07 PM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-22257 |
In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possible vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter. Published: March 18, 2024; 11:15:41 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-20746 |
Premiere Pro versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: March 18, 2024; 11:15:41 AM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2024-20745 |
Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Published: March 18, 2024; 11:15:41 AM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2024-1753 |
A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time. Published: March 18, 2024; 11:15:41 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2599 |
File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure. Published: March 18, 2024; 10:15:13 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2598 |
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/select_send_2.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. Published: March 18, 2024; 10:15:13 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2597 |
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_school_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. Published: March 18, 2024; 10:15:13 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2596 |
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/mail/main/select_send.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. Published: March 18, 2024; 10:15:12 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2595 |
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_khet_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. Published: March 18, 2024; 10:15:12 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2594 |
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/admin/index.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. Published: March 18, 2024; 10:15:12 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2593 |
Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_group.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials. Published: March 18, 2024; 10:15:12 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2592 |
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/pic_show.php, in the 'person_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. Published: March 18, 2024; 10:15:11 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2591 |
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_group.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. Published: March 18, 2024; 10:15:11 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2590 |
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/mail/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. Published: March 18, 2024; 10:15:11 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-2589 |
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_school_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. Published: March 18, 2024; 10:15:11 AM -0400 |
V3.x:(not available) V2.0:(not available) |