| Page(s) : 1 ... 853 854 855 856 857 858 859 860 861 862 [863] 864 865 866 867 868 869 870 871 872 873 ... | Result(s) : 300432 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 4.3 | 2025-02-27 | CVE-2024-13647 | cve | The School Management System – SakolaWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing or i... |
| 9.1 | 2025-02-27 | CVE-2024-13905 | cve | The OneStore Sites plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.1.1 via the class-export.php file. This makes it pos... |
| N/A | 2025-02-27 | CVE-2024-2321 | cve | An incorrect authorization vulnerability exists in multiple WSO2 products, allowing protected APIs to be accessed directly using a refresh token instead of the expected access t... |
| 5.4 | 2025-02-27 | CVE-2025-0469 | cve | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider template data in all ver... |
| 4.9 | 2025-02-27 | CVE-2025-1686 | cve | All versions of the package io.pebbletemplates:pebble are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitiv... |
| N/A | 2025-02-26 | CVE-2025-1460 | cve | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| 4.3 | 2025-02-26 | CVE-2025-1726 | cve | There is a SQL injection issue in Esri ArcGIS Monitor versions 2023.0 through 2024.x on Windows and Linux that allows a remote, authenticated attacker with low privileges to imp... |
| N/A | 2025-02-26 | CVE-2024-50684 | cve | SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data (insufficient entropy). This may allow attackers to decrypt intercepted... |
| N/A | 2025-02-26 | CVE-2024-50685 | cve | SunGrow iSolarCloud before the October 31, 2024 remediation, is vulnerable to insecure direct object references (IDOR) via the powerStationService API model. |
| N/A | 2025-02-26 | CVE-2024-50686 | cve | SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the commonService API model. |
| N/A | 2025-02-26 | CVE-2024-50687 | cve | SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the devService API model. |
| N/A | 2025-02-26 | CVE-2024-50688 | cve | SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application (regardless of the user account) and the cloud uses the same MQ... |
| N/A | 2025-02-26 | CVE-2024-50689 | cve | SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the orgService API model. |
| N/A | 2025-02-26 | CVE-2024-50691 | cve | SunGrow iSolarCloud Android app V2.1.6.20241104 and prior suffers from Missing SSL Certificate Validation. The app explicitly ignores certificate errors and is vulnerable to MiT... |
| N/A | 2025-02-26 | CVE-2024-50693 | cve | SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the userService API model. |
| N/A | 2025-02-26 | CVE-2024-50696 | cve | SunGrow WiNet-S V200.001.00.P025 and earlier versions is missing integrity checks for firmware upgrades. Sending a specific MQTT message allows an update to an inverter or a WiN... |
| N/A | 2025-02-26 | CVE-2024-57423 | cve | A Cross Site Scripting vulnerability in CloudClassroom-PHP Project v1.0 allows a remote attacker to execute arbitrary code via the exid parameter of the assessment function. |
| N/A | 2025-02-26 | CVE-2024-53573 | cve | Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Unauthorized users can access and manipulate endpoints intended exclusively for administrative use. This issue s... |
| N/A | 2025-02-26 | CVE-2024-55581 | cve | When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an H... |
| N/A | 2025-02-26 | CVE-2024-57040 | cve | TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to contain a hardcoded password for the root account which can be obtained by analyzing downloaded firmware or... |
| Page(s) : 1 ... 853 854 855 856 857 858 859 860 861 862 [863] 864 865 866 867 868 869 870 871 872 873 ... | Result(s) : 300432 |
