
2429 matches found

Vulnrichment
added 2024/10/17 7:16 p.m. (17 views)

CVE-2024-49280 WordPress Lightbox slider -- Responsive Lightbox Gallery plugin <= 1.10.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Weblizar Lightbox slider – Responsive Lightbox Gallery allows Stored XSS. This issue affects Lightbox slider – Responsive Lightbox Gallery: from n/a through 1.10.0...

6.5 CVSS, 6.8 AI score, 0.00245 EPSS
Exploits 0, References 1
Cvelist
added 2024/10/17 7:14 p.m. (27 views)

CVE-2024-49282 WordPress Responsive Lightbox & Gallery plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox responsive-lightbox allows Stored XSS. This issue affects Responsive Lightbox: from n/a through <= 2.4.8...

5.9 CVSS, 0.0025 EPSS
Exploits 0, References 1
CVE
added 2024/10/17 7:14 p.m. (55 views)

CVE-2024-49282

CVE-2024-49282 concerns the WordPress plugin “Responsive Lightbox & Gallery” (dFactory Responsive Lightbox) and is a Cross-Site Scripting (Stored XSS) vulnerability in the plugin’s input handling during web page generation, affecting versions up to 2.4.8. The root cause, as reported, is improper ...

5.9 CVSS, 5.9 AI score, 0.0025 EPSS
Exploits 0, References 1
Vulnrichment
added 2024/10/17 7:14 p.m. (19 views)

CVE-2024-49282 WordPress Responsive Lightbox & Gallery plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in dFactory Responsive Lightbox allows Stored XSS. This issue affects Responsive Lightbox: from n/a through 2.4.8...

5.9 CVSS, 6.8 AI score, 0.0025 EPSS
Exploits 0, References 1
CNNVD
added 2024/10/17 12:0 a.m. (4 views)

WordPress plugin Responsive Lightbox cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin.... A cross-site...

5.9 CVSS, 6.1 AI score, 0.0025 EPSS
Exploits 0, References 2
Patchstack
added 2024/10/15 10:13 a.m. (5 views)

WordPress Responsive Lightbox & Gallery plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Robert DeVore (Patchstack Alliance) in WordPress Plugin Responsive Lightbox (versions <= 2.4.8)...

5.9 CVSS, 6.1 AI score, 0.0025 EPSS
Exploits 0, Affected Software 1
Patchstack
added 2024/10/15 10:6 a.m. (4 views)

WordPress Lightbox slider -- Responsive Lightbox Gallery plugin <= 1.10.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Robert DeVore in WordPress Plugin Lightbox slider – Responsive Lightbox Gallery (versions <= 1.10.6)...

6.5 CVSS, 5.2 AI score, 0.00245 EPSS
Exploits 0, Affected Software 1
Patchstack
added 2024/10/15 12:0 a.m. (14 views)

WordPress Lightbox slider – Responsive Lightbox Gallery Plugin <= 1.10.1 is vulnerable to Cross Site Scripting (XSS)

Software: Lightbox slider – Responsive Lightbox Gallery; Type: Plugin; Vulnerable versions: <= 1.10.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-49280; Patch priority: Low; CVSS severity: Low 6.5; PSID: b212a4266d36; Credits: Robert...

6.5 CVSS, 6.5 AI score, 0.00245 EPSS
Exploits 0, References 2, Affected Software 1
Patchstack
added 2024/10/15 12:0 a.m. (8 views)

WordPress Responsive Lightbox Plugin <= 2.4.8 is vulnerable to Cross Site Scripting (XSS)

Software: Responsive Lightbox; Type: Plugin; Vulnerable versions: <= 2.4.8; Fixed in: 2.4.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-49282; Patch priority: Low; CVSS severity: Low 5.9; PSID: 0929b0920fa2; Credits: Robert DeVore; Required privilege...

5.9 CVSS, 5.8 AI score, 0.0025 EPSS
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2024/10/13 7:31 p.m. (9 views)

CVE-2024-9917 HuangDou UTCMS template_creat.php deserialization

A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the argument content leads to deserialization. It is possible to initiate the attack remotely. The explo...

6.5 CVSS, 6.7 AI score, 0.08703 EPSS
Exploits 1, References 4
NVD
added 2024/10/13 7:15 p.m. (17 views)

CVE-2024-9916

A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Affected by this issue is some unknown functionality of the file app/modules/ut-cac/admin/cli.php. The manipulation of the argument o leads to os command injection. The attack may be launched remotely. The...

9.8 CVSS, 0.73666 EPSS
Exploits 1, References 4
CVE
added 2024/10/10 3:31 p.m. (56 views)

CVE-2024-9793

CVE-2024-9793 affects Tenda AC1206 firmware up to version 15.03.06.23. The vulnerability is in the ate_iwpriv_set/ate_ifconfig_set handlers in /goform/ate, enabling remote command injection due to insufficient input sanitization. Impact is described as remote code execution with high confidential...

9.8 CVSS, 7.1 AI score, 0.21464 EPSS
Exploits 1, References 6, Affected Software 1
NVD
added 2024/10/10 3:15 p.m. (18 views)

CVE-2024-9790

A vulnerability was found in LyLme_spage 1.9.5. It has been classified as critical. Affected is an unknown function of the file /admin/sou.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and...

7.2 CVSS, 0.00547 EPSS
Exploits 1, References 4
Cvelist
added 2024/10/10 2:0 p.m. (16 views)

CVE-2024-9789 LyLme_spage apply.php sql injection

A vulnerability was found in LyLme_spage 1.9.5 and classified as critical. This issue affects some unknown processing of the file /admin/apply.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may...

5.8 CVSS, 0.00547 EPSS
Exploits 1, References 4
Cvelist
added 2024/10/10 2:0 p.m. (22 views)

CVE-2024-9788 LyLme_spage tag.php sql injection

A vulnerability has been found in LyLme_spage 1.9.5 and classified as critical. This vulnerability affects unknown code of the file /admin/tag.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may...

5.8 CVSS, 0.00547 EPSS
Exploits 1, References 4
Patchstack
added 2024/10/09 12:0 a.m. (16 views)

WordPress Responsive Poll Plugin <= 2.3.9 is vulnerable to SQL Injection

Software: Responsive Poll; Type: Plugin; Vulnerable versions: <= 2.3.9; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-9022; Patch priority: Low; CVSS severity: Low 7.6; PSID: 2e687784b00a; Credits: WordFence; Required privilege: Administrator; Published...

7.2 CVSS, 7.2 AI score, 0.02277 EPSS
Exploits 2, References 4, Affected Software 1
Packet Storm
added 2024/09/26 12:0 a.m. (288 views)

Responsive Binary mlm 3.2.0 SQL Injection

Title: Responsive Binary mlm 3.2.0 Auth By PAss Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 130.0.0 64 bits...

7.4 AI score
Exploits 0
CVE
added 2024/09/15 12:31 a.m. (42 views)

CVE-2024-8864

CVE-2024-8864 affects ComposioHQ Composio up to 0.5.6. The vulnerability targets the Calculator function in python/composio/tools/local/mathematical/actions/calculator.py, where input manipulation enables code injection and arbitrary code execution. The public exploit is disclosed; vendor respons...

8.8 CVSS, 6.3 AI score, 0.00823 EPSS
Exploits 1, References 4, Affected Software 1
NVD
added 2024/09/14 8:15 p.m. (39 views)

CVE-2024-8862

A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query leads to deserialization. The attack may be...

9.8 CVSS, 0.01328 EPSS
Exploits 1, References 4
Vulnrichment
added 2024/09/10 7:31 p.m. (11 views)

CVE-2024-8655 Mercury MNVR816 web-static file access

A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to...

6.9 CVSS, 5.3 AI score, 0.00455 EPSS
Exploits 0, References 3