213680 matches found
CVE-2024-56064
Unrestricted Upload of File with Dangerous Type vulnerability in Azzaroco WP SuperBackup allows Upload a Web Shell to a Web Server. This issue affects WP SuperBackup: from n/a through 2.3.3...
CVE-2024-56042
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VibeThemes WPLMS allows SQL Injection. This issue affects WPLMS: from n/a before 1.9.9.5.3...
CVE-2024-56031
Missing Authorization vulnerability in Yulio Aleman Jimenez Smart Shopify Product allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Shopify Product: from n/a through 1.0.2...
CVE-2023-48775
Missing Authorization vulnerability in Gfazioli WP Cleanfix allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Cleanfix: from n/a through 5.6.2...
CVE-2024-56205
Incorrect Privilege Assignment vulnerability in AI Magic allows Privilege Escalation. This issue affects AI Magic: from n/a through 1.0.4...
CVE-2024-56067
Missing Authorization vulnerability in Azzaroco WP SuperBackup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP SuperBackup: from n/a through 2.3.3...
CVE-2023-50850
Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Subscriptions: from n/a before 5.8.0...
CVE-2024-56046
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server. This issue affects WPLMS: from n/a through 1.9.9...
CVE-2024-56071
Incorrect Privilege Assignment vulnerability in Mike Leembruggen Simple Dashboard allows Privilege Escalation. This issue affects Simple Dashboard: from n/a through 2.0...
CVE-2024-56039
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VibeThemes VibeBP allows SQL Injection. This issue affects VibeBP: from n/a before 1.9.9.7.7...
CVE-2024-55991
Missing Authorization vulnerability in WP-CRM WP-CRM System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP-CRM System: from n/a through 3.2.9.1...
CVE-2024-56068
Deserialization of Untrusted Data vulnerability in Azzaroco WP SuperBackup. This issue affects WP SuperBackup: from n/a through 2.3.3...
CVE-2024-56041
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VibeThemes VibeBP allows SQL Injection. This issue affects VibeBP: from n/a before 1.9.9.5.1...
CVE-2024-56265
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPWeb WooCommerce PDF Vouchers allows Reflected XSS. This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9...
CVE-2024-56209
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SeventhQueen Kleo allows Reflected XSS. This issue affects Kleo: from n/a before 5.4.4...
CVE-2024-56233
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kinhelios Kintpv Wooconnect allows Stored XSS. This issue affects Kintpv Wooconnect: from n/a through 8.129...
CVE-2024-56221
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Elicus WPMozo Addons Lite for Elementor allows Stored XSS. This issue affects WPMozo Addons Lite for Elementor: from n/a through 1.2.0...
CVE-2024-56223
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Fahad Mahmood Gulri Slider allows Reflected XSS. This issue affects Gulri Slider: from n/a through 3.5.8...
CVE-2024-56231
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Debuggers Studio SaasPricing allows DOM-Based XSS. This issue affects SaasPricing: from n/a through 1.1.4...
CVE-2024-56234
Missing Authorization vulnerability in VW THEMES VW Automobile Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Automobile Lite: from n/a through 2.1...
CVE-2024-56217
Missing Authorization vulnerability in W3 Eden, Inc. Download Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Manager: from n/a through 3.3.03...
CVE-2024-56256
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Andy Fragen Embed PDF Viewer allows Stored XSS. This issue affects Embed PDF Viewer: from n/a through 2.3.1...
CVE-2024-56228
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Wishlist for WooCommerce: Multi Wishlists Per Customer allows Reflected XSS. This issue affects Wishlist for WooCommerce: Multi Wishlists Per Customer: from n/a through 3.1.2...
CVE-2024-56227
Missing Authorization vulnerability in WP Royal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a through 1.7.1001...
CVE-2024-56226
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Royal Royal Elementor Addons allows Reflected XSS. This issue affects Royal Elementor Addons: from n/a through 1.7.1001...
CVE-2024-56225
Missing Authorization vulnerability in Leap13 Premium Addons for Elementor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Premium Addons for Elementor: from n/a through 4.10.56...
CVE-2024-56215
Missing Authorization vulnerability in Stephen Sherrard Member Directory and Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Member Directory and Contact Form: from n/a through 1.7.0...
CVE-2024-56235
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Coupon Plugin Coupon allows DOM-Based XSS. This issue affects Coupon: from n/a through 1.2.1...
CVE-2024-56224
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ledenbeheer allows Stored XSS. This issue affects Ledenbeheer: from n/a through 2.1.0...
CVE-2024-56210
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DeluxeThemes Userpro allows Reflected XSS. This issue affects Userpro: from n/a through 5.1.9...
CVE-2024-56219
Missing Authorization vulnerability in MarketingFire Widget Options allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Widget Options: from n/a through 4.0.6.1...
CVE-2024-56218
Cross-Site Request Forgery CSRF vulnerability in AuRise Creative, SevenSpark Contact Form 7 Dynamic Text Extension allows Cross Site Request Forgery. This issue affects Contact Form 7 Dynamic Text Extension: from n/a through 5.0.1...
CVE-2024-56230
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Dynamic Web Lab Dynamic Product Category Grid, Slider for WooCommerce allows PHP Local File Inclusion. This issue affects Dynamic Product Category Grid, Slider for WooCommerce: fr...
CVE-2024-56229
Cross-Site Request Forgery CSRF vulnerability in Searchiq SearchIQ. This issue affects SearchIQ: from n/a through 4.6...
CVE-2024-56214
Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro allows Path Traversal. This issue affects Userpro: from n/a through 5.1.9...
CVE-2024-56211
Missing Authorization vulnerability in DeluxeThemes Userpro. This issue affects Userpro: from n/a through 5.1.9...
CVE-2024-56216
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Themify Themify Builder allows PHP Local File Inclusion. This issue affects Themify Builder: from n/a through 7.6.3...
CVE-2024-56212
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in DeluxeThemes Userpro. This issue affects Userpro: from n/a through 5.1.9...
CVE-2024-56220
Incorrect Privilege Assignment vulnerability in SSL Wireless SSL Wireless SMS Notification allows Privilege Escalation. This issue affects SSL Wireless SMS Notification: from n/a through 3.5.0...
CVE-2024-56213
Path Traversal: '.../...//' vulnerability in Themewinter Eventin allows Path Traversal. This issue affects Eventin: from n/a through 4.0.7...
CVE-2024-56222
Cross-Site Request Forgery CSRF vulnerability in Codebard CodeBard Help Desk allows Cross Site Request Forgery. This issue affects CodeBard Help Desk: from n/a through 1.1.1...
CVE-2024-56232
Cross-Site Request Forgery CSRF vulnerability in Alexander Volkov WP Nice Loader allows Stored XSS. This issue affects WP Nice Loader: from n/a through 0.1.0.4...
CVE-2024-49422
Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers to reset lockscreen failure count by hardware fault injection. User interaction is required for triggering this vulnerability...
CVE-2024-45497
A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories...
CVE-2024-12838
The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request to switch to the identity of any user, including administrators...
CVE-2024-13040
The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. By controlling the user ID parameter, remote attackers with regular privileges could access certain features as any user, modify any user's account information and privileges, leading to...
CVE-2024-12839
The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability. If a user visits a forged website, the agent program deployed on their device will send an authentication signature to the website. An unauthenticated remote...
CVE-2024-13058
An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products such ...
CVE-2024-11944
iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. T...
CVE-2024-12751
Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a maliciou...