Total
263178 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-41851 | 1 Dotsquares | 1 Wp Custom Post Template | 2024-09-17 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Dotsquares WP Custom Post Template <= 1.0 versions. | ||||
CVE-2023-41852 | 1 Mailmunch | 1 Mailmunch | 2024-09-17 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailMunch – Grow your Email List plugin <= 3.1.2 versions. | ||||
CVE-2023-45573 | 2 D-link, Dlink | 21 Di-7003gv2.d1, Di-7100g.v2.d1, Di-7100gv2.d1 and 18 more | 2024-09-17 | 9.8 Critical |
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function. | ||||
CVE-2023-41853 | 1 Wpicalavailability | 1 Wp Ical Availability | 2024-09-17 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in WP iCal Availability plugin <= 1.0.3 versions. | ||||
CVE-2024-38380 | 2024-09-17 | 5.5 Medium | ||
This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session. | ||||
CVE-2024-8754 | 1 Gitlab | 1 Gitlab | 2024-09-17 | 6.4 Medium |
An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to squat on accounts via linking arbitrary unclaimed provider identities when JWT authentication is configured. | ||||
CVE-2023-45574 | 2 D-link, Dlink | 21 Di-7003gv2.d1, Di-7100g.v2.d1, Di-7100gv2.d1 and 18 more | 2024-09-17 | 9.8 Critical |
Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function. | ||||
CVE-2023-41854 | 1 Wpcentral | 1 Wpcentral | 2024-09-17 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Ltd. WpCentral plugin <= 1.5.7 versions. | ||||
CVE-2023-41858 | 1 Tychesoftwares | 1 Order Delivery Date For Woocommerce | 2024-09-17 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions. | ||||
CVE-2023-41876 | 1 Wp Gallery Metabox Project | 1 Wp Gallery Metabox | 2024-09-17 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0 versions. | ||||
CVE-2024-3727 | 1 Redhat | 18 Acm, Advanced Cluster Security, Ansible Automation Platform and 15 more | 2024-09-17 | 8.3 High |
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. | ||||
CVE-2023-44257 | 1 Mangboard | 1 Mang Board | 2024-09-17 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Hometory Mang Board WP plugin <= 1.7.6 versions. | ||||
CVE-2023-44259 | 1 Mediavine | 1 Mediavine Control Panel | 2024-09-17 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Mediavine Mediavine Control Panel plugin <= 2.10.2 versions. | ||||
CVE-2023-45575 | 2 D-link, Dlink | 21 Di-7003gv2.d1, Di-7100g.v2.d1, Di-7100gv2.d1 and 18 more | 2024-09-17 | 9.8 Critical |
Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip parameter of the ip_position.asp function. | ||||
CVE-2024-40859 | 2024-09-17 | N/A | ||
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data. | ||||
CVE-2024-43238 | 1 Getwemail | 1 Wemail | 2024-09-17 | 7.1 High |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs weMail allows Reflected XSS.This issue affects weMail: from n/a through 1.14.5. | ||||
CVE-2024-44164 | 2024-09-17 | N/A | ||
This issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to bypass Privacy preferences. | ||||
CVE-2023-44261 | 1 Dineshkarki | 1 Block Plugin Update | 2024-09-17 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block Plugin Update plugin <= 3.3 versions. | ||||
CVE-2024-44133 | 2024-09-17 | N/A | ||
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15. On MDM managed devices, an app may be able to bypass certain Privacy preferences. | ||||
CVE-2024-44125 | 2024-09-17 | N/A | ||
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to leak sensitive user information. |