Latest CVE Feed
-
6.1
CVSS31CVE-2024-48758
dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the addPro parameter of the component doAdminAction.php which allows a remote attacker to execute arbitrary code... Read more
Affected Products : dingfanzu- Published: Oct. 16, 2024
- Modified: Oct. 17, 2024
-
9.8
CVSS31CVE-2024-48180
ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in/class/cms/cms.php, which can include a file uploaded to the/class/template directory to execute PHP code.... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 17, 2024
-
7.2
CVSS31CVE-2024-46213
REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability.... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 17, 2024
-
4.9
CVSS31CVE-2024-46212
An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal.... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 17, 2024
-
5.3
CVSS31CVE-2024-44762
A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts.... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 17, 2024
-
7.1
CVSS31CVE-2023-7294
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the create_mollie_profile function in versions up to, and including, 4.3.7. This makes it possible for ... Read more
Affected Products : paytium- Published: Oct. 16, 2024
- Modified: Oct. 17, 2024
-
4.3
CVSS31CVE-2023-7293
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_mollie_account_details function in versions up to, and including, 4.3.7. This makes it possible ... Read more
Affected Products : paytium- Published: Oct. 16, 2024
- Modified: Oct. 17, 2024
-
4.3
CVSS31CVE-2023-7292
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytium_notice_dismiss function in versions up to, and including, 4.3.7. This makes it possibl... Read more
Affected Products : paytium- Published: Oct. 16, 2024
- Modified: Oct. 17, 2024
-
8.1
CVSS31CVE-2023-7291
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_mollie_account function in versions up to, and including, 4.3.7. This makes it possible f... Read more
Affected Products : paytium- Published: Oct. 16, 2024
- Modified: Oct. 17, 2024
-
4.3
CVSS31CVE-2023-7290
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_for_verified_profiles function in versions up to, and including, 4.3.7. This makes it possible f... Read more
Affected Products : paytium- Published: Oct. 16, 2024
- Modified: Oct. 17, 2024
-
5.4
CVSS31CVE-2023-7289
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytium_sw_save_api_keys function in versions up to, and including, 4.3.7. This makes it possible for ... Read more
Affected Products : paytium- Published: Oct. 16, 2024
- Modified: Oct. 17, 2024
-
5.4
CVSS31CVE-2023-7287
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized subscription cancellation due to a missing capability check on the pt_cancel_subscription function in versions up to, and including, 4.3.7. This makes it poss... Read more
Affected Products : paytium- Published: Oct. 16, 2024
- Modified: Oct. 17, 2024
-
5.4
CVSS31CVE-2023-7288
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_profile_preference function in versions up to, and including, 4.3.7. This makes it possible ... Read more
Affected Products : paytium- Published: Oct. 16, 2024
- Modified: Oct. 17, 2024
-
0.0
NONECVE-2024-49399
The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
0.0
NONECVE-2024-49398
The affected product is vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute code.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
0.0
NONECVE-2024-49397
The affected product is vulnerable to a cross-site scripting attack which may allow an attacker to bypass authentication and takeover admin accounts.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
0.0
NONECVE-2024-49396
The affected product is vulnerable due to insufficiently protected credentials, which may allow an attacker to impersonate Elvaco and send false information.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
5.0
CVSS31CVE-2024-10073
A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\models\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possi... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
6.3
CVSS31CVE-2024-10072
A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. This issue affects the function actionAddEncryptPolicyGroup of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument checklist... Read more
Affected Products : cdg- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
0.0
NONECVE-2024-9414
In LAquis SCADA version 4.7.1.511, a cross-site scripting vulnerability could allow an attacker to inject arbitrary code into a web page. This could allow an attacker to steal cookies, redirect users, or perform unauthorized actions.... Read more
Affected Products : laquis_scada- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024