Latest CVE Feed
-
6.1
CVSS31CVE-2024-11287
The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8001. This makes it possible for unauthenticated attackers... Read more
Affected Products :- Published: Dec. 21, 2024
- Modified: Dec. 21, 2024
-
6.4
CVSS31CVE-2024-11196
The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mctagmap shortcode in all versions up to, and including, 17.0.33 due to insufficient input sanitization and output escaping on user supplied attrib... Read more
Affected Products :- Published: Dec. 21, 2024
- Modified: Dec. 21, 2024
-
7.3
CVSS31CVE-2024-11977
The The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not pr... Read more
Affected Products :- Published: Dec. 21, 2024
- Modified: Dec. 21, 2024
-
0.0
NONECVE-2024-11607
The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.... Read more
Affected Products :- Published: Dec. 21, 2024
- Modified: Dec. 21, 2024
-
4.3
CVSS31CVE-2024-12846
A vulnerability, which was classified as problematic, has been found in Emlog Pro up to 2.4.1. Affected by this issue is some unknown functionality of the file /admin/link.php. The manipulation of the argument siteurl/icon leads to cross site scripting. T... Read more
Affected Products :- Published: Dec. 21, 2024
- Modified: Dec. 21, 2024
-
9.8
CVSS31CVE-2024-11349
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sb_login_user_with_otp_fun() f... Read more
Affected Products :- Published: Dec. 21, 2024
- Modified: Dec. 21, 2024
-
5.3
CVSS31CVE-2023-31280
An AirVantage online Warranty Checker tool vulnerability could allow an attacker to perform bulk enumeration of IMEI and Serial Numbers pairs. The AirVantage Warranty Checker is updated to no longer return the IMEI and Serial Number in addition to the w... Read more
Affected Products :- Published: Dec. 21, 2024
- Modified: Dec. 21, 2024
-
8.1
CVSS31CVE-2023-31279
The AirVantage platform is vulnerable to an unauthorized attacker registering previously unregistered devices on the AirVantage platform when the owner has not disabled the AirVantage Management Service on the devices or registered the device. This coul... Read more
Affected Products :- Published: Dec. 21, 2024
- Modified: Dec. 21, 2024
-
6.1
CVSS31CVE-2024-11811
The Feedify – Web Push Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'platform', 'phone', 'email', and 'store_url' parameters. in all versions up to, and including, 2.4.2 due to insufficient input sanitization ... Read more
Affected Products :- Published: Dec. 20, 2024
- Modified: Dec. 20, 2024
-
3.5
CVSS31CVE-2024-12845
A vulnerability classified as problematic was found in Emlog Pro up to 2.4.1. Affected by this vulnerability is an unknown functionality in the library /include/lib/common.php. The manipulation of the argument msg leads to cross site scripting. The attack... Read more
Affected Products :- Published: Dec. 20, 2024
- Modified: Dec. 20, 2024
-
0.0
NONECVE-2021-40959
A reflected cross-site scripting vulnerability in MONITORAPP Application Insight Web Application Firewall (AIWAF) <= 4.1.6 and <=5.0 was identified on the subpage `/process_management/process_status.xhr.php`. This vulnerability allows an attacker to injec... Read more
Affected Products :- Published: Dec. 20, 2024
- Modified: Dec. 20, 2024
-
0.0
NONECVE-2020-13712
A command injection is possible through the user interface, allowing arbitrary command execution as the root user. oMG2000 running MGOS 3.15.1 or earlier is affected. MG90 running MGOS 4.2.1 or earlier is affected.... Read more
Affected Products :- Published: Dec. 20, 2024
- Modified: Dec. 20, 2024
-
8.1
CVSS31CVE-2024-56359
grist-core is a spreadsheet hosting server. A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier (meaning for example Ctrl+click) could have their account compromised, since the link could use the javasc... Read more
Affected Products :- Published: Dec. 20, 2024
- Modified: Dec. 20, 2024
-
8.1
CVSS31CVE-2024-56358
grist-core is a spreadsheet hosting server. A user visiting a malicious document and previewing an attachment could have their account compromised, because JavaScript in an SVG file would be evaluated in the context of their current page. This issue has b... Read more
Affected Products :- Published: Dec. 20, 2024
- Modified: Dec. 20, 2024
-
8.1
CVSS31CVE-2024-56357
grist-core is a spreadsheet hosting server. A user visiting a malicious document or submitting a malicious form could have their account compromised, because it was possible to use the `javascript:` scheme with custom widget URLs and form redirect URLs. T... Read more
Affected Products :- Published: Dec. 20, 2024
- Modified: Dec. 20, 2024
-
7.6
CVSS31CVE-2024-56335
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user ac... Read more
Affected Products :- Published: Dec. 20, 2024
- Modified: Dec. 20, 2024
-
7.8
CVSS31CVE-2024-56334
systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized when before they are passed as a parameter to cmd.exe in the `getWindowsIEEE8021x` function. This means that malicious content in the SSID c... Read more
Affected Products : systeminformation- Published: Dec. 20, 2024
- Modified: Dec. 20, 2024
-
0.0
NONECVE-2024-56159
Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap files **for the serv... Read more
Affected Products :- Published: Dec. 19, 2024
- Modified: Dec. 20, 2024
-
0.0
NONECVE-2024-55509
SQL injection vulnerability in CodeAstro Complaint Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via the id parameter of the delete.php component.... Read more
Affected Products :- Published: Dec. 20, 2024
- Modified: Dec. 20, 2024
-
4.3
CVSS31CVE-2024-55186
An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attack... Read more
Affected Products :- Published: Dec. 20, 2024
- Modified: Dec. 20, 2024