19 matches found
EUVD-2024-40715
Malicious code in bioql PyPI...
EUVD-2024-36690
Malicious code in bioql PyPI...
EUVD-2024-36689
Malicious code in bioql PyPI...
CVE-2024-43234
Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice woffice allows Authentication Bypass.This issue affects Woffice: from n/a through = 5.4.14...
CVE-2024-43153
Incorrect Privilege Assignment vulnerability in WofficeIO Woffice woffice.This issue affects Woffice: from n/a through = 5.4.10...
CVE-2024-37472
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WofficeIO Woffice woffice.This issue affects Woffice: from n/a through = 5.4.8...
CVE-2024-37470
Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woffice Core: from n/a through 5.4.8...
CVE-2024-37471
Cross Site Scripting XSS vulnerability in WofficeIO Woffice Core allows Reflected XSS.This issue affects Woffice Core: from n/a through 5.4.8...
CVE-2024-43234
Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice allows Authentication Bypass.This issue affects Woffice: from n/a through 5.4.14...
CVE-2024-37470
Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woffice Core: from n/a through 5.4.8...
CVE-2024-37470 WordPress Woffice Core plugin <= 5.4.8 - Unauthenticated Broken Access Control vulnerability
Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woffice Core: from n/a through 5.4.8...
CVE-2024-37470
CVE-2024-37470 describes a Missing Authorization vulnerability in Woffice Core (WordPress plugin) up to version 5.4.8. The issue allows accessing functionality not properly constrained by ACLs due to missing authorization checks, as documented in multiple sources. The impact is stated as high for...
CVE-2024-43153
Incorrect Privilege Assignment vulnerability in WofficeIO Woffice woffice.This issue affects Woffice: from n/a through = 5.4.10...
CVE-2024-43153
CVE-2024-43153 affects Woffice (Woffice CRM) in WordPress. The vulnerability is an Improper Privilege Management that enables Privilege Escalation in Woffice versions up to 5.4.10 (no earlier-verified details provided). CVSS v3.1 base score is 9.8 (CRITICAL) with network attack vector, no user in...
CVE-2024-37471
Cross Site Scripting XSS vulnerability in WofficeIO Woffice Core allows Reflected XSS.This issue affects Woffice Core: from n/a through 5.4.8...
CVE-2024-37472
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WofficeIO Woffice woffice.This issue affects Woffice: from n/a through = 5.4.8...
CVE-2024-37471
CVE-2024-37471 is a reflected XSS vulnerability in Woffice Core (WordPress plugin) affecting Woffice Core versions up to 5.4.8. The CVE entry, including references, notes the issue as Reflected XSS and indicates it has been patched. In practice, exploited input could affect users visiting a craft...
CVE-2024-37472
CVE-2024-37472 is a reflected XSS in Woffice Core / Woffice CRM affecting Woffice versions up to 5.4.8. The issue allows injection of script in victims’ browsers and requires user interaction. Patch availability: latest fixed version stated as 5.4.8; CVSS base score and details vary by source.
CVE-2024-37472 WordPress Woffice theme <= 5.4.8 - Reflected Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability in WofficeIO Woffice allows Reflected XSS.This issue affects Woffice: from n/a through 5.4.8...