| Page(s) : 1 ... 136 137 138 139 140 141 142 143 144 145 [146] 147 148 149 150 151 152 153 154 155 156 ... | Result(s) : 114981 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 5.3 | 2025-02-26 | CVE-2024-12434 | cve | The SureMembers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.10.6 via the REST API. This makes it possible for un... |
| 4.3 | 2025-02-26 | CVE-2024-13560 | cve | The Subscriptions & Memberships for PayPal plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.6. This is due to missing o... |
| 5.4 | 2025-02-26 | CVE-2024-13803 | cve | The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-marker’ parameter in a... |
| 4.4 | 2025-02-26 | CVE-2024-6810 | cve | The Quiz Organizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.1 due to insufficient input sanitization and outpu... |
| 6.5 | 2025-02-26 | CVE-2025-0731 | cve | An unauthenticated remote attacker can upload a .aspx file instead of a PV system picture through the demo account. The code can only be executed in the security context of the ... |
| 5.4 | 2025-02-26 | CVE-2025-1517 | cve | The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to St... |
| 6.1 | 2025-02-26 | CVE-2025-0719 | cve | IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript c... |
| 6.5 | 2025-02-25 | CVE-2024-36259 | cve | Improper access control in mail module of Odoo Community 17.0 and Odoo Enterprise 17.0 allows remote authenticated attackers to extract sensitive information via an oracle-based... |
| 5.5 | 2025-02-25 | CVE-2024-45417 | cve | Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local... |
| 6.5 | 2025-02-25 | CVE-2024-45425 | cve | Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. |
| 6.5 | 2025-02-25 | CVE-2024-45426 | cve | Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. |
| 5.4 | 2025-02-25 | CVE-2025-27139 | cve | Combodo iTop is a web based IT service management tool. Versions prior to 2.7.12, 3.1.2, and 3.2.0 are vulnerable to cross-site scripting when the preferences page is opened. Ve... |
| 4.3 | 2025-02-25 | CVE-2025-27146 | cve | matrix-appservice-irc is a Node.js IRC bridge for Matrix. The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command e... |
| 5.4 | 2025-02-25 | CVE-2024-54444 | cve | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elementor Website Builder allows Stored XSS. This issue... |
| 5.4 | 2025-02-25 | CVE-2025-26884 | cve | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift allows Stored XSS. This issue affects Greenshif... |
| 6.1 | 2025-02-25 | CVE-2025-26987 | cve | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps allows Reflected XSS. ... |
| 6.1 | 2025-02-25 | CVE-2024-11955 | cve | A vulnerability was found in GLPI up to 10.0.17. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The mani... |
| 6.5 | 2025-02-25 | CVE-2025-21626 | cve | GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the `statu... |
| 6.1 | 2025-02-25 | CVE-2025-21627 | cve | GLPI is a free asset and IT management software package. In versions prior to 10.0.18, a malicious link can be crafted to perform a reflected XSS attack on the search page. If t... |
| 4.3 | 2025-02-25 | CVE-2025-23024 | cve | GLPI is a free asset and IT management software package. Starting in version 0.72 and prior to version 10.0.18, an anonymous user can disable all the active plugins. Version 10.... |
| Page(s) : 1 ... 136 137 138 139 140 141 142 143 144 145 [146] 147 148 149 150 151 152 153 154 155 156 ... | Result(s) : 114981 |
