| Page(s) : 1 ... 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 [1523] 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 ... | Result(s) : 329442 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 6.3 | 2024-12-13 | CVE-2024-11012 | cve | The The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via njt_nofi_text AJAX action in all versions up to, and inc... |
| N/A | 2024-12-13 | CVE-2024-52057 | cve | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Professional (Queuing Service) allows SQL Injection.T... |
| 9.8 | 2024-12-13 | CVE-2024-9290 | cve | The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check ... |
| N/A | 2024-12-13 | CVE-2024-12212 | cve | The vulnerability occurs in the parsing of CSP files. The issues result from the lack of proper validation of user-supplied data, which could allow reading past the end of all... |
| N/A | 2024-12-13 | CVE-2024-9508 | cve | Horner Automation Cscape contains a memory corruption vulnerability, which could allow an attacker to disclose information and execute arbitrary code. |
| N/A | 2024-12-13 | CVE-2024-12603 | cve | A logic vulnerability in the the mobile application (com.transsion.applock) can lead to bypassing the application password. |
| 6.5 | 2024-12-13 | CVE-2019-25221 | cve | The Responsive Filterable Portfolio plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.8 due to insuf... |
| 3.7 | 2024-12-13 | CVE-2024-12300 | cve | The AR for WordPress plugin for WordPress is vulnerable to unauthorized double extension file upload due to a missing capability check on the set_ar_featured_image() function in... |
| 6.1 | 2024-12-13 | CVE-2024-12572 | cve | The Hello In All Languages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonc... |
| 6.4 | 2024-12-13 | CVE-2024-11767 | cve | The NewsmanApp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'newsman_subscribe_widget' shortcode in all versions up to, and ... |
| 6.1 | 2024-12-13 | CVE-2024-11809 | cve | The Primer MyData for Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'img_src' parameter in all versions up to, and including... |
| 5.4 | 2024-12-13 | CVE-2024-12574 | cve | The SVG Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sa... |
| 5.3 | 2024-12-13 | CVE-2024-12579 | cve | The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 2.1.10. This is due to processing user-s... |
| N/A | 2024-12-13 | CVE-2024-21543 | cve | Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the system falls back to querying the... |
| N/A | 2024-12-13 | CVE-2024-21544 | cve | Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exp... |
| N/A | 2024-12-12 | CVE-2024-12289 | cve | Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Bounda... |
| 6.5 | 2024-12-12 | CVE-2024-49071 | cve | Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over ... |
| 9.8 | 2024-12-12 | CVE-2024-49147 | cve | Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver. |
| N/A | 2024-12-12 | CVE-2024-54811 | cve | A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "login" parameter. |
| 9.8 | 2024-12-12 | CVE-2024-55663 | cve | XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in `getdocument.vm`; the ordering of the returned doc... |
| Page(s) : 1 ... 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 [1523] 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 ... | Result(s) : 329442 |
