| Page(s) : [1] 2 3 4 5 6 7 8 9 10 11 ... | Result(s) : 246864 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2024-04-26 | CVE-2024-0905 | cve | The Fancy Product Designer WordPress plugin before 6.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Script... |
| N/A | 2024-04-26 | CVE-2024-2159 | cve | The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shor... |
| N/A | 2024-04-26 | CVE-2024-2310 | cve | The WP Google Review Slider WordPress plugin before 13.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Store... |
| N/A | 2024-04-26 | CVE-2024-2429 | cve | The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin chang... |
| N/A | 2024-04-26 | CVE-2024-2439 | cve | The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Store... |
| N/A | 2024-04-26 | CVE-2024-2603 | cve | The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin (or editor depend... |
| N/A | 2024-04-26 | CVE-2024-2837 | cve | The WP Chat App WordPress plugin before 3.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scri... |
| N/A | 2024-04-26 | CVE-2024-2908 | cve | The Call Now Button WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cros... |
| N/A | 2024-04-26 | CVE-2024-3048 | cve | The Bannerlid WordPress plugin through 1.1.0 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used a... |
| N/A | 2024-04-26 | CVE-2024-3058 | cve | The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make l... |
| N/A | 2024-04-26 | CVE-2024-3059 | cve | The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a... |
| N/A | 2024-04-26 | CVE-2024-3060 | cve | The ENL Newsletter WordPress plugin through 1.0.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin+ to perform SQL injection attacks |
| N/A | 2024-04-26 | CVE-2024-3075 | cve | The MM-email2image WordPress plugin through 0.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is... |
| N/A | 2024-04-26 | CVE-2024-3188 | cve | The WP Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 7.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/... |
| N/A | 2024-04-26 | CVE-2024-4056 | cve | Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources. |
| N/A | 2024-04-26 | CVE-2023-6095 | cve | Vladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request pac... |
| N/A | 2024-04-26 | CVE-2023-6096 | cve | Vladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The man... |
| N/A | 2024-04-26 | CVE-2023-6116 | cve | Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the camera. An attacker could inject malicious into http request packets to exec... |
| N/A | 2024-04-26 | CVE-2024-2920 | cve | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.4.9.3 due to the plugin uploading user suppli... |
| N/A | 2024-04-26 | CVE-2024-33598 | cve | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Twinpictures Annual Archive allows Stored XSS.This issue affects ... |
| Page(s) : [1] 2 3 4 5 6 7 8 9 10 11 ... | Result(s) : 246864 |
