Latest CVE Feed
-
6.1
CVSS31CVE-2024-11807
The NPS computy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'data1' and 'data2' parameters in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. This makes it possible for ... Read more
Affected Products :- Published: Dec. 04, 2024
- Modified: Dec. 04, 2024
-
6.1
CVSS31CVE-2024-11461
The Form Data Collector plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauth... Read more
Affected Products :- Published: Dec. 03, 2024
- Modified: Dec. 03, 2024
-
6.1
CVSS31CVE-2024-11707
The My auctions allegro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.6.17 due to insufficient input sanitization and output escaping. This makes it possible for unaut... Read more
Affected Products :- Published: Dec. 03, 2024
- Modified: Dec. 03, 2024
-
6.1
CVSS31CVE-2024-11814
The Additional Custom Order Status for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the wfwp_wcos_delete_finished, wfwp_wcos_delete_fallback_finished, wfwp_wcos_delete_fallback_orders_updated, and wfwp_wcos_delete_f... Read more
Affected Products :- Published: Dec. 04, 2024
- Modified: Dec. 04, 2024
-
6.1
CVSS31CVE-2024-11200
The Goodlayers Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘font-family’ parameter in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for una... Read more
Affected Products :- Published: Dec. 03, 2024
- Modified: Dec. 03, 2024
-
6.1
CVSS31CVE-2024-11805
The Quick License Manager – WooCommerce Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'submit_qlm_products' parameter in all versions up to, and including, 2.4.17 due to insufficient input sanitization and output esca... Read more
Affected Products :- Published: Dec. 03, 2024
- Modified: Dec. 03, 2024
-
6.1
CVSS31CVE-2023-6978
The WP Job Manager – Company Profiles plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'company' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it poss... Read more
Affected Products :- Published: Dec. 04, 2024
- Modified: Dec. 04, 2024
-
6.1
CVSS31CVE-2024-11326
The Campaign Monitor Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for un... Read more
Affected Products :- Published: Dec. 03, 2024
- Modified: Dec. 03, 2024
-
5.9
CVSS31CVE-2024-41775
IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.... Read more
Affected Products : cognos_controller- Published: Dec. 03, 2024
- Modified: Dec. 03, 2024
-
5.9
CVSS31CVE-2024-49410
Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.... Read more
Affected Products : android- Published: Dec. 03, 2024
- Modified: Dec. 03, 2024
-
5.9
CVSS31CVE-2021-29892
IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information us... Read more
Affected Products : cognos_controller- Published: Dec. 03, 2024
- Modified: Dec. 03, 2024
-
5.5
CVSS31CVE-2024-25020
IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the sy... Read more
Affected Products : cognos_controller- Published: Dec. 03, 2024
- Modified: Dec. 03, 2024
-
5.5
CVSS31CVE-2024-11093
The SG Helper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level ac... Read more
Affected Products :- Published: Dec. 04, 2024
- Modified: Dec. 04, 2024
-
5.5
CVSS31CVE-2024-25019
IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system ... Read more
Affected Products : cognos_controller- Published: Dec. 03, 2024
- Modified: Dec. 03, 2024
-
5.5
CVSS31CVE-2024-49412
Improper input validation in Settings prior to SMR Dec-2024 Release 1 allows local attackers to broadcast signal for discovering Bluetooth on Galaxy Watch.... Read more
Affected Products : android- Published: Dec. 03, 2024
- Modified: Dec. 03, 2024
-
5.5
CVSS31CVE-2024-12082
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.... Read more
Affected Products : openharmony- Published: Dec. 03, 2024
- Modified: Dec. 03, 2024
-
5.5
CVSS31CVE-2024-9978
in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read.... Read more
Affected Products : openharmony- Published: Dec. 03, 2024
- Modified: Dec. 03, 2024
-
5.4
CVSS31CVE-2024-40745
Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8.... Read more
Affected Products :- Published: Dec. 04, 2024
- Modified: Dec. 04, 2024
-
5.3
CVSS31CVE-2024-52546
An unauthenticated attacker can perform a null pointer dereference in the DHIP Service (UDP port 37810). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.... Read more
Affected Products :- Published: Dec. 03, 2024
- Modified: Dec. 03, 2024
-
5.3
CVSS31CVE-2024-9404
Moxa’s IP Cameras are affected by a medium-severity vulnerability, CVE-2024-9404, which could lead to a denial-of-service condition or cause a service crash. This vulnerability allows attackers to exploit the Moxa service, commonly referred to as moxa_cmd... Read more
Affected Products :- Published: Dec. 04, 2024
- Modified: Dec. 04, 2024