Search Results (363167 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-38972 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/add/.
CVE-2024-38872 1 Zohocorp 1 Manageengine Exchange Reporter Plus 2024-11-21 8.3 High
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module.
CVE-2024-38871 1 Zohocorp 1 Manageengine Exchange Reporter Plus 2024-11-21 8.3 High
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module.
CVE-2024-38786 1 Burgersoftwares 1 Cozipress 2024-11-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BurgerThemes CoziPress allows Stored XSS.This issue affects CoziPress: from n/a through 1.0.30.
CVE-2024-38784 1 Livemesh 1 Beaver Builder Addons 2024-11-21 5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Beaver Builder allows Stored XSS.This issue affects Livemesh Addons for Beaver Builder: from n/a through 3.6.1.
CVE-2024-38782 1 Mapsmarker 1 Leaflet Maps Marker 2024-11-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MapsMarker.Com e.U. Leaflet Maps Marker allows Stored XSS.This issue affects Leaflet Maps Marker: from n/a through 3.12.9.
CVE-2024-38773 1 Formlift 1 Formlift For Infusionsoft Web Forms 2024-11-21 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection.This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17.
CVE-2024-38759 1 Wp-media 1 Search \& Replace 2024-11-21 5.4 Medium
Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace search-and-replace.This issue affects Search & Replace: from n/a through 3.2.2.
CVE-2024-38755 1 Designinvento 1 Directorypress 2024-11-21 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Designinvento DirectoryPress allows SQL Injection.This issue affects DirectoryPress: from n/a through 3.6.10.
CVE-2024-38730 1 Wpthemespace 1 Magical Addons For Elementor 2024-11-21 4.9 Medium
Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor.This issue affects Magical Addons For Elementor: from n/a through 1.1.41.
CVE-2024-38723 1 Json-content-importer 1 Json Content Importer 2024-11-21 6.4 Medium
Server-Side Request Forgery (SSRF) vulnerability in Bernhard Kux JSON Content Importer.This issue affects JSON Content Importer: from n/a through 1.5.6.
CVE-2024-38692 1 Spiffyplugins 1 Spiffy Calendar 2024-11-21 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.11.
CVE-2024-38536 1 Oisf 1 Suricata 2024-11-21 7.5 High
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to `http.memcap` being reached leads to a NULL-ptr reference leading to a crash. Upgrade to 7.0.6.
CVE-2024-38535 1 Oisf 1 Suricata 2024-11-21 7.5 High
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6.
CVE-2024-38534 1 Oisf 1 Suricata 2024-11-21 7.5 High
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue.
CVE-2024-38529 1 Admidio 1 Admidio 2024-11-21 9.1 Critical
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.10, there is a Remote Code Execution Vulnerability in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL `{admidio_base_url}/adm_my_files/messages_attachments/{file_name}`. The vulnerability is caused due to the lack of file extension verification, allowing malicious files to be uploaded to the server and public availability of the uploaded file. This vulnerability is fixed in 4.3.10.
CVE-2024-38522 1 Hushline 1 Hush Line 2024-11-21 6.3 Medium
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the `tips.hushline.app` website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0.
CVE-2024-38521 1 Hushline 1 Hush Line 2024-11-21 8.8 High
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the `safe` Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0.
CVE-2024-38507 1 Jetbrains 1 Hub 2024-11-21 3.5 Low
In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible
CVE-2024-38506 1 Jetbrains 1 Youtrack 2024-11-21 6.3 Medium
In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows