Latest CVE Feed
-
8.0
HIGH CVE-2024-24903
Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access t...
- Published: Mar. 01, 2024
- Modified: May. 20, 2025
-
7.6
HIGH CVE-2024-24904
Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or ...
- Published: Mar. 01, 2024
- Modified: May. 20, 2025
-
7.6
HIGH CVE-2024-24906
Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of mal...
- Published: Mar. 01, 2024
- Modified: May. 20, 2025
-
7.3
HIGH CVE-2024-24900
Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. E...
- Published: Mar. 01, 2024
- Modified: May. 20, 2025
-
7.6
HIGH CVE-2024-24905
Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or ...
- Published: Mar. 01, 2024
- Modified: May. 20, 2025
-
7.6
HIGH CVE-2024-24907
Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage o...
- Published: Mar. 01, 2024
- Modified: May. 20, 2025
-
5.4
MEDIUM CVE-2024-5713
The If-So Dynamic Content Personalization WordPress plugin before 1.8.0.4 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
- Published: Jul. 13, 2024
- Modified: May. 20, 2025
-
7.1
HIGH CVE-2024-5715
The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Affected Products: wp_emember
- Published: Jul. 13, 2024
- Modified: May. 20, 2025
-
5.9
MEDIUM CVE-2024-6231
The Request a Quote WordPress plugin before 2.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Affected Products: request_a_quote
- Published: Jul. 23, 2024
- Modified: May. 20, 2025
-
7.2
HIGH CVE-2023-4724
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the `wp_query` parameter which allows an attacker to run arbitrary command on the remote server...
- Published: Dec. 18, 2023
- Modified: May. 20, 2025
-
7.2
HIGH CVE-2022-41406
An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file....
Affected Products: church_management_system
- Published: Oct. 12, 2022
- Modified: May. 20, 2025
-
7.8
HIGH CVE-2022-41191
Due to lack of proper memory management, when a victim opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be trig...
Affected Products: 3d_visual_enterprise_viewer
- Published: Oct. 11, 2022
- Modified: May. 20, 2025
-
6.1
MEDIUM CVE-2022-40931
dutchcoders Transfer.sh 1.4.0 is vulnerable to Cross Site Scripting (XSS)....
Affected Products: transfer.sh
- Published: Sep. 29, 2022
- Modified: May. 20, 2025
-
7.5
HIGH CVE-2022-39168
IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422....
- Published: Sep. 29, 2022
- Modified: May. 20, 2025
-
7.5
HIGH CVE-2022-38732
SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented....
Affected Products: snapcenter
- Published: Sep. 29, 2022
- Modified: May. 20, 2025
-
5.4
MEDIUM CVE-2019-1105
A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker ...
Affected Products: outlook
- Published: Jul. 29, 2019
- Modified: May. 20, 2025
-
6.5
MEDIUM CVE-2019-1081
An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the...
- Published: Jun. 12, 2019
- Modified: May. 20, 2025
-
7.6
HIGH CVE-2019-1080
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current ...
- Published: Jun. 12, 2019
- Modified: May. 20, 2025
-
7.8
HIGH CVE-2019-1065
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; ...
- Published: Jun. 12, 2019
- Modified: May. 20, 2025
-
7.6
HIGH CVE-2019-1055
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current ...
- Published: Jun. 12, 2019
- Modified: May. 20, 2025