| Page(s) : 1 ... 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 [1542] 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 ... | Result(s) : 329471 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 6.1 | 2024-12-12 | CVE-2024-12156 | cve | The AI Content Writer, RSS Feed to Post, Autoblogging SEO Help plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all ver... |
| 6.1 | 2024-12-12 | CVE-2024-12162 | cve | The Video & Photo Gallery for Ultimate Member plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and ... |
| 6.5 | 2024-12-12 | CVE-2024-12406 | cve | The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the 'owt7_borrow_books_id' parameter in all vers... |
| 6.1 | 2024-12-12 | CVE-2024-12441 | cve | The BP Email Assign Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.5 d... |
| 5.4 | 2024-12-12 | CVE-2024-12463 | cve | The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arena_embed_amp' shortcode i... |
| 4.3 | 2024-12-12 | CVE-2024-12526 | cve | The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3.0. This is due to mi... |
| N/A | 2024-12-11 | CVE-2024-50585 | cve | Users who click on a malicious link or visit a website under the control of an attacker can be infected with arbitrary JavaScript which is running in the context of the "Numerix... |
| N/A | 2024-12-11 | CVE-2024-28139 | cve | The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be ... |
| N/A | 2024-12-11 | CVE-2024-28140 | cve | The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are ... |
| N/A | 2024-12-11 | CVE-2024-28141 | cve | The web application is not protected against cross-site request forgery attacks. Therefore, an attacker can trick users into performing actions on the application when they visi... |
| 8.8 | 2024-12-11 | CVE-2024-47758 | cve | GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any use... |
| 9.8 | 2024-12-11 | CVE-2024-53677 | cve | File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a m... |
| 7.8 | 2024-12-11 | CVE-2024-10251 | cve | Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation. |
| 7.8 | 2024-12-11 | CVE-2024-11597 | cve | Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to ac... |
| 7.8 | 2024-12-11 | CVE-2024-11598 | cve | Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to ac... |
| 8.8 | 2024-12-11 | CVE-2024-47760 | cve | GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an ac... |
| 7.2 | 2024-12-11 | CVE-2024-47761 | cve | GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents c... |
| 8.1 | 2024-12-11 | CVE-2024-48912 | cve | GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete... |
| 7.8 | 2024-12-11 | CVE-2024-8496 | cve | Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalat... |
| 7.8 | 2024-12-11 | CVE-2024-9845 | cve | Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation. |
| Page(s) : 1 ... 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 [1542] 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 ... | Result(s) : 329471 |
