CVE-2024-35169

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in allbootstrapblocks All Bootstrap Blocks all-bootstrap-blocks.This issue affects All Bootstrap Blocks: from n/a through = 1.3.15...

CVE-2024-50521

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in alleythemes Alley Elementor Widget alley-elementor-widget allows DOM-Based XSS.This issue affects Alley Elementor Widget: from n/a through = 1.0.7...

CVE-2024-43210

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in LA-Studio LA-Studio Element Kit for Elementor allows Stored XSS.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.9.2...

CVE-2024-51902

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in cybio TinyCode tinycode allows Stored XSS.This issue affects TinyCode: from n/a through = 1.2.1...

CVE-2024-6446

An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim to trust an attacker controlled application...

CVE-2024-33931

Missing Authorization vulnerability in ilGhera JW Player for WordPress.This issue affects JW Player for WordPress: from n/a through 2.3.3...

CVE-2024-6595

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data...

CVE-2024-31937

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Visitor Analytics TWIPLA Visitor Analytics IO allows Stored XSS.This issue affects TWIPLA Visitor Analytics IO: from n/a through 1.2.0...

CVE-2024-31386

Cross-Site Request Forgery CSRF vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet...

CVE-2024-38705

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in ElementInvader ElementInvader Addons for Elementor allows Stored XSS.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.4...

CVE-2023-28766

A vulnerability has been identified in SIPROTEC 5 6MD85 CP300 All versions = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 V9.40, SIP...

CVE-2023-22489

Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that...

CVE-2023-30776

An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1...

CVE-2023-0574

Server-Side Request Forgery SSRF, Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communicati...

CVE-2023-51510

Cross-Site Request Forgery CSRF vulnerability in Atlas Gondal Export Media URLs.This issue affects Export Media URLs: from n/a through 1.0...

CVE-2023-51469

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mestres do WP Checkout Mestres WP.This issue affects Checkout Mestres WP: from n/a through 7.1.9.6...

CVE-2023-39921

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Molongui Author Box, Guest Author and Co-Authors for Your Posts – Molongui allows Stored XSS.This issue affects Author Box, Guest Author and Co-Authors for Your Posts – Molongui: from n/a through...

CVE-2023-26020

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26...

CVE-2023-34370

Server-Side Request Forgery SSRF vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premiu...

CVE-2023-45384

KnowBand supercheckout 5.0.7 and 6.0.7 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the module "Module One Page Checkout, Social Login & Mailchimp" supercheckout, a guest can upload files with extensions .php...