2429 matches found

CNNVD
added 2024/11/09 12:0 a.m. · 3 views

WordPress plugin SrcSet Responsive Images for WordPress cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 7.1 · AI score 7.6 · EPSS 0.00275
Exploits 0 · References 1

Positive Technologies
added 2024/11/09 12:0 a.m. · 2 views

PT-2024-34857 · Minerva Infotech · Minerva Infotech Responsive Data Table

Name of the Vulnerable Software and Affected Versions: Minerva Infotech Responsive Data Table versions 1.3 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS attacks...

CVSS 7.1 · AI score 5.8 · EPSS 0.00259
Exploits 0 · References 4

Patchstack
added 2024/11/08 6:35 p.m. · 5 views

WordPress Responsive Addons for Elementor plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Khalid Yusuf (Patchstack Alliance) in WordPress Plugin Responsive Addons for Elementor versions <= 1.5.4...

CVSS 6.5 · AI score 6.1 · EPSS 0.00258
Exploits 0 · Affected Software 1

Patchstack
added 2024/11/08 12:0 a.m. · 15 views

WordPress WP Responsive Video Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software: WP Responsive Video; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51940; Patch priority: Low; CVSS severity: Low (6.5); PSID: 134f33fcccf3; Credits: Zlrqh; Required privilege: Contributor...

CVSS 6.5 · AI score 6.9 · EPSS 0.00231
Exploits 0 · References 1 · Affected Software 1

NVD
added 2024/11/07 4:15 a.m. · 20 views

CVE-2024-10947

A vulnerability classified as critical was found in Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System up to 2.0.1. This vulnerability affects unknown code of the file /interlib/order/BatchOrder?cmdACT=adminorder&xsl=adminOrderOrderList.xsl. The...

CVSS 7.2 · EPSS 0.00537
Exploits 1 · References 4

Patchstack
added 2024/11/04 7:58 p.m. · 4 views

WordPress Responsive Filterable Portfolio plugin <= 1.0.22 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery (SSRF) vulnerability discovered by Zaidan Rizaki (Patchstack Alliance) in WordPress Plugin Responsive Filterable Portfolio versions <= 1.0.22...

CVSS 4.4 · AI score 7 · EPSS 0.00233
Exploits 0 · Affected Software 1

Patchstack
added 2024/11/04 9:8 a.m. · 3 views

WordPress Responsive Data Table plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin Responsive Data Table versions <= 1.3...

CVSS 7.1 · AI score 6.1 · EPSS 0.00259
Exploits 0 · Affected Software 1

Patchstack
added 2024/11/04 8:54 a.m. · 2 views

WordPress SrcSet Responsive Images for WordPress plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance) in WordPress Plugin SrcSet Responsive Images for WordPress versions <= 1.4...

CVSS 7.1 · AI score 6.1 · EPSS 0.00275
Exploits 0 · Affected Software 1

NVD
added 2024/11/04 1:15 a.m. · 16 views

CVE-2024-10748

A vulnerability, which was classified as problematic, has been found in Cosmote Greece What's Up App 4.47.3 on Android. This issue affects some unknown processing of the file gr/desquared/kmmsharedmodule/db/RealmDB.java of the component Realm Database Handler. The manipulation of the argument...

CVSS 4.7 · EPSS 0.00264
Exploits 1 · References 4

CVE
added 2024/11/04 12:31 a.m. · 45 views

CVE-2024-10748

Cosmote Greece What’s Up App 4.47.3 (Android) is affected by CVE-2024-10748 in the Realm Database Handler. The issue arises from manipulating the defaultRealmKey in RealmDB.java, causing use of a default cryptographic key. Local access is required; attack complexity is high and exploitation is co...

CVSS 4.7 · AI score 4 · EPSS 0.00264
Exploits 1 · References 4 · Affected Software 1

Patchstack
added 2024/11/04 12:0 a.m. · 15 views

WordPress Responsive Filterable Portfolio Plugin <= 1.0.22 is vulnerable to Server Side Request Forgery (SSRF)

Software: Responsive Filterable Portfolio; Type: Plugin; Vulnerable versions: <= 1.0.22; Fixed in: 1.0.23; OWASP Top 10: A10: Server-Side Request Forgery (SSRF); Classification: Server Side Request Forgery (SSRF); CVE: CVE-2024-51785; Patch priority: Low; CVSS severity: Low (4.4); PSID...

CVSS 4.4 · AI score 6.6 · EPSS 0.00233
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2024/11/01 8:12 a.m. · 3 views

WordPress Responsive Flickr Gallery plugin <= 1.3.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Responsive Flickr Gallery versions <= 1.3.1...

CVSS 7.1 · AI score 6.2 · EPSS 0.00161
Exploits 0 · Affected Software 1

Cvelist
added 2024/11/01 2:31 a.m. · 19 views

CVE-2024-10613 ESAFENET CDG SystemEncryptPolicyService.java delSystemEncryptPolicy sql injection

A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delSystemEncryptPolicy of the file /com/esafenet/servlet/system/SystemEncryptPolicyService.java. The manipulation of the argument id leads to sql injection. The attack can...

CVSS 6.5 · EPSS 0.00543
Exploits 1 · References 4

NVD
added 2024/11/01 2:15 a.m. · 20 views

CVE-2024-10610

A vulnerability has been found in ESAFENET CDG 5 and classified as critical. This vulnerability affects the function delProtocol of the file /com/esafenet/servlet/system/ProtocolService.java. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The...

CVSS 8.8 · EPSS 0.00508
Exploits 1 · References 4

NVD
added 2024/10/31 9:15 p.m. · 11 views

CVE-2024-10594

A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function docHistory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument fileId leads to sql injection. It is possible to launch the attack...

CVSS 8.8 · EPSS 0.00543
Exploits 1 · References 4

Cvelist
added 2024/10/31 9:0 p.m. · 19 views

CVE-2024-10597 ESAFENET CDG PolicyActionService.java delPolicyAction sql injection

A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function delPolicyAction of the file /com/esafenet/servlet/system/PolicyActionService.java. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The...

CVSS 6.5 · EPSS 0.00569
Exploits 1 · References 4

Cvelist
added 2024/10/31 9:0 p.m. · 25 views

CVE-2024-10596 ESAFENET CDG EncryptPolicyTypeService.java delEntryptPolicySort sql injection

A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function delEntryptPolicySort of the file /com/esafenet/servlet/system/EncryptPolicyTypeService.java. The manipulation of the argument id leads to sql injection. The attack may be launched...

CVSS 6.5 · EPSS 0.00543
Exploits 1 · References 4

Patchstack
added 2024/10/31 11:45 a.m. · 5 views

WordPress ML Responsive Audio plugin <= 0.2 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin ML Responsive Audio player with playlist Shortcode versions <= 0.2...

CVSS 6.5 · AI score 5.8 · EPSS 0.00253
Exploits 0 · Affected Software 1

NVD
added 2024/10/30 2:15 a.m. · 13 views

CVE-2024-10505

A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...

CVSS 7.2 · EPSS 0.00677
Exploits 1 · References 4

NVD
added 2024/10/30 1:15 a.m. · 12 views

CVE-2024-10503

A vulnerability was found in Klokan MapTiler tileserver-gl 2.3.1 and classified as problematic. This issue affects some unknown processing of the component URL Handler. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

CVSS 6.1 · EPSS 0.00308
Exploits 0 · References 3