Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-34946 |
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient. Published: May 14, 2024; 11:39:38 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34945 |
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPW parameter at ip/goform/WizardHandle. Published: May 14, 2024; 11:39:38 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34944 |
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient. Published: May 14, 2024; 11:39:38 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34943 |
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting. Published: May 14, 2024; 11:39:38 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34942 |
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/exeCommand. Published: May 14, 2024; 11:39:38 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34921 |
TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a command injection via the disconnectVPN function. Published: May 14, 2024; 11:39:37 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34899 |
WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS). Published: May 14, 2024; 11:39:37 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34828 |
Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.32. Published: May 14, 2024; 11:39:37 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34827 |
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Razvan Mocanu, Madalin Ungureanu, Cristophor Hurduban TranslatePress.This issue affects TranslatePress: from n/a through 2.7.5. Published: May 14, 2024; 11:39:36 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34825 |
Cross-Site Request Forgery (CSRF) vulnerability in Warfare Plugins Social Warfare.This issue affects Social Warfare: from n/a through 4.4.5.1. Published: May 14, 2024; 11:39:36 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34823 |
Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter.This issue affects Arigato Autoresponder and Newsletter: from n/a through 2.7.2.3. Published: May 14, 2024; 11:39:35 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34818 |
Cross-Site Request Forgery (CSRF) vulnerability in WebinarPress.This issue affects WebinarPress: from n/a through 1.33.17. Published: May 14, 2024; 11:39:35 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34817 |
Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.0. Published: May 14, 2024; 11:39:34 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34816 |
Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io – Easy Meeting Scheduler.This issue affects WPCal.Io – Easy Meeting Scheduler: from n/a through 0.9.5.8. Published: May 14, 2024; 11:39:34 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34814 |
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFuse Unyson.This issue affects Unyson: from n/a through 2.7.29. Published: May 14, 2024; 11:39:33 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34812 |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through 2.1.8. Published: May 14, 2024; 11:39:32 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34811 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS allows Stored XSS.This issue affects WP SMS: from n/a through 6.5.1. Published: May 14, 2024; 11:39:32 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34749 |
Phormer prior to version 3.35 contains a cross-site scripting vulnerability. If this vulnerability is exploited, a remote unauthenticated attacker may execute an arbitrary script on the web browser of the user. Published: May 14, 2024; 11:39:32 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34709 |
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.0, session tokens function like the other JWT tokens where they are not actually invalidated when logging out. The `directus_session` gets destroyed and the cookie gets deleted but if the cookie value is captured, it will still work for the entire expiry time which is set to 1 day by default. Making it effectively a long lived unrevokable stateless token instead of the stateful session token it was meant to be. This vulnerability is fixed in 10.11.0. Published: May 14, 2024; 11:39:31 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-34708 |
Directus is a real-time API and App dashboard for managing SQL database content. A user with permission to view any collection using redacted hashed fields can get access the raw stored version using the `alias` functionality on the API. Normally, these redacted fields will return `**********` however if we change the request to `?alias[workaround]=redacted` we can instead retrieve the plain text value for the field. This can be avoided by removing permission to view the sensitive fields entirely from users or roles that should not be able to see them. This vulnerability is fixed in 10.11.0. Published: May 14, 2024; 11:39:31 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |