Total 263178 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-41851 1 Dotsquares 1 Wp Custom Post Template 2024-09-17 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Dotsquares WP Custom Post Template <= 1.0 versions.
CVE-2023-41852 1 Mailmunch 1 Mailmunch 2024-09-17 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailMunch – Grow your Email List plugin <= 3.1.2 versions.
CVE-2023-45573 2 D-link, Dlink 21 Di-7003gv2.d1, Di-7100g.v2.d1, Di-7100gv2.d1 and 18 more 2024-09-17 9.8 Critical
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function.
CVE-2023-41853 1 Wpicalavailability 1 Wp Ical Availability 2024-09-17 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WP iCal Availability plugin <= 1.0.3 versions.
CVE-2024-38380 2024-09-17 5.5 Medium
This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session.
CVE-2024-8754 1 Gitlab 1 Gitlab 2024-09-17 6.4 Medium
An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is configured.
CVE-2023-45574 2 D-link, Dlink 21 Di-7003gv2.d1, Di-7100g.v2.d1, Di-7100gv2.d1 and 18 more 2024-09-17 9.8 Critical
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function.
CVE-2023-41854 1 Wpcentral 1 Wpcentral 2024-09-17 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Ltd. WpCentral plugin <= 1.5.7 versions.
CVE-2023-41858 1 Tychesoftwares 1 Order Delivery Date For Woocommerce 2024-09-17 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions.
CVE-2023-41876 1 Wp Gallery Metabox Project 1 Wp Gallery Metabox 2024-09-17 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0 versions.
CVE-2024-3727 1 Redhat 18 Acm, Advanced Cluster Security, Ansible Automation Platform and 15 more 2024-09-17 8.3 High
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
CVE-2023-44257 1 Mangboard 1 Mang Board 2024-09-17 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Hometory Mang Board WP plugin <= 1.7.6 versions.
CVE-2023-44259 1 Mediavine 1 Mediavine Control Panel 2024-09-17 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Mediavine Mediavine Control Panel plugin <= 2.10.2 versions.
CVE-2023-45575 2 D-link, Dlink 21 Di-7003gv2.d1, Di-7100g.v2.d1, Di-7100gv2.d1 and 18 more 2024-09-17 9.8 Critical
Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip parameter of the ip_position.asp function.
CVE-2024-40859 2024-09-17 N/A
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.
CVE-2024-43238 1 Getwemail 1 Wemail 2024-09-17 7.1 High
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs weMail allows Reflected XSS.This issue affects weMail: from n/a through 1.14.5.
CVE-2024-44164 2024-09-17 N/A
This issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to bypass Privacy preferences.
CVE-2023-44261 1 Dineshkarki 1 Block Plugin Update 2024-09-17 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block Plugin Update plugin <= 3.3 versions.
CVE-2024-44133 2024-09-17 N/A
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15. On MDM managed devices, an app may be able to bypass certain Privacy preferences.
CVE-2024-44125 2024-09-17 N/A
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to leak sensitive user information.