WordPress Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 1.5.102 - Authenticated (Admin+) Command Injection vulnerability
Authenticated (Admin+) Command Injection vulnerability discovered by wesley wcraft in WordPress Plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates) versions <= 1.5.102...
PT-2024-8596 · Ivanti · Ivanti Endpoint Manager
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager versions prior to 2024 November Security Update Ivanti Endpoint Manager versions prior to 2022 SU6 November Security Update Description: The issue is related to a lack of protection against SQL query structure...
WordPress Custom Field Suite plugin <= 2.6.5 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by Eduardo Berlanga (seqode) in WordPress Plugin Custom Field Suite versions <= 2.6.5...
PT-2024-13428 · Unknown · Media Streaming Add-On
Name of the Vulnerable Software and Affected Versions: Media Streaming add-on versions prior to 500.1.1.5 Description: An OS command injection issue has been reported, affecting the Media Streaming add-on. This could allow authenticated administrators to execute commands via a network. The issue ...
WordPress WP Front User Submit / Front Editor plugin <= 4.4.7 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by Benedictus Jovan in WordPress Plugin WP Front User Submit / Front Editor versions <= 4.4.7...
WordPress AnnounceKit plugin <= 2.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by Benedictus Jovan in WordPress Plugin AnnounceKit versions <= 2.0.9...
WordPress SVS Pricing Tables plugin <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by Benedictus Jovan in WordPress Plugin SVS Pricing Tables versions <= 1.0.4...
QNAP Systems QuFirewall Path Traversal Vulnerability
QNAP Systems QuFirewall is a built-in firewall application for QNAP devices from China Weilian Technology (QNAP Systems). A path traversal vulnerability exists in QNAP Systems QuFirewall version 2.4.1 and prior versions that could allow an authenticated administrator to read the contents of a file...
PT-2024-21044 · Iris · Iris
Name of the Vulnerable Software and Affected Versions: Iris versions prior to 2.4.6 Description: Iris is a web collaborative platform that helps incident responders share technical details during investigations. Due to an improper setup of the Jinja2 environment, reports generation in iris-web is...
CVE-2024-31077
Forminator prior to 1.29.3 contains a SQL injection vulnerability. If this vulnerability is exploited, a remote authenticated attacker with administrative privileges may obtain and alter any information in the database and cause a denial-of-service (DoS) condition...
PT-2024-3246 · Mitel · Mitel 6900 Series +2
Name of the Vulnerable Software and Affected Versions: Mitel 6800 Series versions through 6.3 SP3 HF4 Mitel 6900 Series versions through 6.3 SP3 HF4 Mitel 6900w Series versions through 6.3.3 Mitel 6970 Conference Unit versions through 5.1.1 SP8 Description: The issue is related to insufficient...
WordPress WooCommerce Google Feed Manager plugin <= 2.4.2 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting vulnerability
Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting vulnerability discovered by Krzysztof Zając in WordPress Plugin WooCommerce Google Feed Manager versions <= 2.4.2...
CVE-2024-3054
WPvivid Backup & Migration Plugin for WordPress is vulnerable to PHAR Deserialization in all versions up to, and including, 0.9.99 via deserialization of untrusted input at the wpvividstggetcustomexcludepathfree action. This is due to the plugin not providing sufficient path validation on the...
CVE-2024-22448
Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service...
PT-2024-7479 · Mitel · Mitel Micollab
Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions 9.7.1.110 and earlier Description: A vulnerability in the Suite Applications Services component could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient...
PT-2024-18308 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: WordPress Infinite Scroll – Ajax Load More plugin for WordPress versions up to, and including, 7.0.1 Description: The issue allows authenticated attackers with administrator-level access and above to read the contents of arbitrary files on th...
WordPress FancyBox for WordPress plugin 3.0.2 - 3.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
WordPress FancyBox for WordPress plugin 3.0.2 - 3.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by Sh in WordPress Plugin FancyBox for WordPress versions 3.0.2 - 3.3.3...
CVE-2024-30270 mailcow Path Traversal and Arbitrary Code Execution Vulnerability
mailcow: dockerized is an open source groupware/email suite based on docker. A security vulnerability has been identified in mailcow affecting versions prior to 2024-04. This vulnerability is a combination of path traversal and arbitrary code execution, specifically targeting the rspamdmaps...
WordPress Announce from the Dashboard plugin <= 1.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting vulnerability discovered by Benedictus Jovan in WordPress Plugin Announce from the Dashboard versions <= 1.5.2...
CVE-2024-23819
GeoServer has a stored Cross-Site Scripting (XSS) vulnerability in the MapML HTML Page. An authenticated administrator with workspace‑level privileges can store a JavaScript payload in the GeoServer catalog, which executes in another user’s browser when the MapML HTML Page is viewed. The MapML ex...