Page(s) : 1 ... 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 [1443] 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 ... | Result(s) : 328771 |
Alerts
SCORE | DATE | NAME | CATEGORIES | DETAIL |
---|---|---|---|---|
N/A | 2024-12-20 | CVE-2024-55186 | cve | An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the ... |
N/A | 2024-12-20 | CVE-2024-55470 | cve | Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the ... |
N/A | 2024-12-20 | CVE-2024-55471 | cve | Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of... |
N/A | 2024-12-20 | CVE-2024-56337 | cve | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.3... |
N/A | 2024-12-20 | CVE-2024-12677 | cve | Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute arbitrary code. |
N/A | 2024-12-20 | CVE-2024-7726 | cve | There exists an unauthenticated accessible JTAG port on the Kioxia PM6, PM7 and CM6 devices - On the Kioxia CM6, PM6 and PM7 disk drives it was discovered that the 2 main CPU co... |
N/A | 2024-12-20 | CVE-2024-12014 | cve | Path Traversal vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allows an unauthenticated attacker to access arbitrary files in ... |
6.8 | 2024-12-20 | CVE-2024-28767 | cve | IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sen... |
8 | 2024-12-20 | CVE-2024-40695 | cve | IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to ... |
9 | 2024-12-20 | CVE-2024-51466 | cve | IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit... |
N/A | 2024-12-20 | CVE-2024-10555 | cve | The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to p... |
N/A | 2024-12-20 | CVE-2024-10706 | cve | The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cro... |
N/A | 2024-12-20 | CVE-2024-11108 | cve | The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is ... |
N/A | 2024-12-20 | CVE-2024-5955 | cve | Cross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to ePO 5.10 Service Pack 1 Update 3 allows a remote authenticated attacker to craft requests causing arb... |
N/A | 2024-12-20 | CVE-2024-8968 | cve | The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to p... |
7.5 | 2024-12-20 | CVE-2024-11297 | cve | The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via ... |
6.1 | 2024-12-20 | CVE-2024-11331 | cve | The ??????? ??????? ??????? ???? ???? plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate... |
6.4 | 2024-12-20 | CVE-2024-11411 | cve | The Spotlightr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spotlightr-v' shortcode in all versions up to, and including, 0... |
6.4 | 2024-12-20 | CVE-2024-11774 | cve | The Outdooractive Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'list2go' shortcode in all versions up to, and includin... |
6.4 | 2024-12-20 | CVE-2024-11775 | cve | The Particle Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'particleground' shortcode in all versions up to, and i... |