Latest CVE Feed
-
7.3
CVSS31CVE-2024-8868
A vulnerability was found in code-projects Crud Operation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file savedata.php. The manipulation of the argument sname leads to sql injection. The attack may be init... Read more
Affected Products : crud_operation_system- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
6.5
CVSS31CVE-2024-44063
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Happyforms allows Stored XSS.This issue affects Happyforms: from n/a through 1.26.0.... Read more
Affected Products : happyforms- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
6.5
CVSS31CVE-2024-45456
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO allows Stored XSS.This issue affects WP Meta SEO: from n/a through 4.5.13.... Read more
Affected Products : wp_meta_seo- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
5.9
CVSS31CVE-2024-45455
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO allows Stored XSS.This issue affects WP Meta SEO: from n/a through 4.5.13.... Read more
Affected Products : wp_meta_seo- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
7.1
CVSS31CVE-2024-44060
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jennifer Hall Filmix allows Reflected XSS.This issue affects Filmix: from n/a through 1.1.... Read more
Affected Products :- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
7.1
CVSS31CVE-2024-45458
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.... Read more
Affected Products : spiffy_calendar- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
6.5
CVSS31CVE-2024-44062
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.6.5.... Read more
Affected Products : custom_field_template- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
6.5
CVSS31CVE-2024-45457
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13.... Read more
Affected Products : spiffy_calendar- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
7.1
CVSS31CVE-2024-45459
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce allows Reflected XSS.This issue affects Product Slider for WooCommerce: from n/a through 1.13.50.... Read more
Affected Products :- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
6.5
CVSS31CVE-2024-44058
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Parabola allows Stored XSS.This issue affects Parabola: from n/a through 2.4.1.... Read more
Affected Products :- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
6.5
CVSS31CVE-2024-44054
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Fluida allows Stored XSS.This issue affects Fluida: from n/a through 1.8.8.... Read more
Affected Products :- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
6.5
CVSS31CVE-2024-44057
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Nirvana allows Stored XSS.This issue affects Nirvana: from n/a through 1.6.3.... Read more
Affected Products :- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
6.5
CVSS31CVE-2024-44059
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MediaRon LLC Custom Query Blocks allows Stored XSS.This issue affects Custom Query Blocks: from n/a through 5.3.1.... Read more
Affected Products :- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
5.0
CVSS31CVE-2024-8869
A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. T... Read more
Affected Products :- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
0.0
NONECVE-2024-46938
An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.... Read more
Affected Products :- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
0.0
NONECVE-2024-46918
app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org.... Read more
Affected Products :- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
4.3
CVSS31CVE-2024-8876
A vulnerability, which was classified as problematic, has been found in xiaohe4966 TpMeCMS up to 1.3.3.1. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The... Read more
Affected Products : tpmecms- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
5.4
CVSS31CVE-2024-8875
A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Affected by this vulnerability is an unknown functionality of the file /wex/finder.php. The manipulation of the argument p leads to path traversal. The attack can be launched rem... Read more
Affected Products :- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024
-
0.0
NONECVE-2024-46958
In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
0.0
NONECVE-2024-46943
An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configurat... Read more
Affected Products :- Published: Sep. 15, 2024
- Modified: Sep. 16, 2024