CVE-2024-1068

The 404 Solution WordPress plugin before 2.35.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins...

CVE-2024-51377

An issue in Ladybird Web Solution Faveo Helpdesk & Servicedesk On-Premise and Cloud 9.2.0 allows a remote attacker to execute arbitrary code via the Subject and Identifier fields...

CVE-2024-37557

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Soham Web Solution WP Cookie Law Info allows Stored XSS.This issue affects WP Cookie Law Info: from n/a through 1.1...

CVE-2024-31984

XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the Solr-based search in XWiki. This allows any user who can edi...

CVE-2024-51785

Server-Side Request Forgery SSRF vulnerability in Nks Responsive Filterable Portfolio responsive-filterable-portfolio allows Server Side Request Forgery.This issue affects Responsive Filterable Portfolio: from n/a through = 1.0.22...

CVE-2023-28776

Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin = 1.0.15 versions...

CVE-2023-26458

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The...

CVE-2023-52146

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.33.0...

CVE-2023-30489

Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Email Subscription Popup plugin = 1.2.16 versions...

CVE-2023-30477

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Essitco AFFILIATE Solution plugin = 1.0 versions...

CVE-2023-41731

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution WordPress publish post email notification plugin = 1.0.2.2 versions...

CVE-2023-23852

SAP Solution Manager System Monitoring - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

CVE-2023-23855

SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. A successful attack could lead an attacker to read or modify the information or expose the user to a phishing attack. As a result, it has a low impact to...

CVE-2023-49587

SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network...

CVE-2023-36925

SAP Solution Manager Diagnostics agent - version 7.20, allows an unauthenticated attacker to blindly execute HTTP requests. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application and other applications the Diagnostics Agent can...

CVE-2023-27893

An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems ST-PI - versions 20881700, 20081710, 740, can use a vulnerable interface to execute an application function to perform actions which they...

CVE-2023-24392

Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Full Width Banner Slider Wp plugin = 1.1.7 versions...

CVE-2023-0024

SAP Solution Manager BSP Application - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources, resulting in...

CVE-2023-0025

SAP Solution Manager BSP Application - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources...

CVE-2023-0870

A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. This can potentially allow an attacker to gain access to confidential information and compromise integrity. The solution is to upgrade to Meridian 2023.1.1 or Horizon 31.0.6 or newer...