Search Results (Refine Search)
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-3191 |
A vulnerability, which was classified as critical, has been found in MailCleaner up to 2023.03.14. This issue affects some unknown processing of the component Email Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-262307. Published: April 29, 2024; 3:15:07 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33546 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10. Published: April 29, 2024; 3:15:06 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33544 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10. Published: April 29, 2024; 3:15:06 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-4303 |
ArmorX Android APP's multi-factor authentication (MFA) for the login function is not properly implemented. Remote attackers who obtain user credentials can bypass MFA, allowing them to successfully log into the APP. Published: April 29, 2024; 2:15:18 AM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-4302 |
Super 8 Live Chat online customer service platform fails to properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. When the message recipient views the message, they become susceptible to Cross-site Scripting (XSS) attacks. Published: April 29, 2024; 2:15:17 AM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2024-33905 |
In Telegram WebK before 2.0.0 (488), a crafted Mini Web App allows XSS via the postMessage web_app_open_link event type. Published: April 29, 2024; 2:15:17 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33904 |
In plugins/HookSystem.cpp in Hyprland through 0.39.1 (before 28c8561), through a race condition, a local attacker can cause execution of arbitrary assembly code by writing to a predictable temporary file. Published: April 29, 2024; 2:15:17 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33686 |
Missing Authorization vulnerability in Extend Themes Pathway, Extend Themes Hugo WP, Extend Themes Althea WP, Extend Themes Elevate WP, Extend Themes Brite, Extend Themes Colibri WP, Extend Themes Vertice.This issue affects Pathway: from n/a through 1.0.15; Hugo WP: from n/a through 1.0.8; Althea WP: from n/a through 1.0.13; Elevate WP: from n/a through 1.0.15; Brite: from n/a through 1.0.11; Colibri WP: from n/a through 1.0.94; Vertice: from n/a through 1.0.7. Published: April 29, 2024; 2:15:16 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33681 |
Cross-Site Request Forgery (CSRF) vulnerability in Sandor Kovacs Regenerate post permalink allows Cross-Site Scripting (XSS).This issue affects Regenerate post permalink: from n/a through 1.0.3. Published: April 29, 2024; 2:15:16 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33632 |
Cross-Site Request Forgery (CSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. Published: April 29, 2024; 2:15:15 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33631 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Stored XSS.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. Published: April 29, 2024; 2:15:14 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33630 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS.This issue affects Piotnet Addons For Elementor: from n/a through 2.4.26. Published: April 29, 2024; 2:15:14 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33571 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infomaniak Staff VOD Infomaniak allows Reflected XSS.This issue affects VOD Infomaniak: from n/a through 1.5.6. Published: April 29, 2024; 2:15:13 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33562 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore allows Reflected XSS.This issue affects XStore: from n/a through 9.3.5. Published: April 29, 2024; 2:15:13 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33559 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a through 9.3.5. Published: April 29, 2024; 2:15:12 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33554 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core allows Reflected XSS.This issue affects XStore Core: from n/a through 5.3.5. Published: April 29, 2024; 2:15:12 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33551 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore Core allows SQL Injection.This issue affects XStore Core: from n/a through 5.3.5. Published: April 29, 2024; 2:15:11 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33548 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team WZone allows Reflected XSS.This issue affects WZone: from n/a through 14.0.10. Published: April 29, 2024; 2:15:10 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33542 |
Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider.This issue affects Crelly Slider: from n/a through 1.4.5. Published: April 29, 2024; 2:15:10 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-33540 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGrill ColorNews allows Stored XSS.This issue affects ColorNews: from n/a through 1.2.6. Published: April 29, 2024; 2:15:09 AM -0400 |
V3.x:(not available) V2.0:(not available) |