Search Results (363638 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-35654 1 Cyberchimps 1 Responsive 2024-11-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CyberChimps Responsive allows Stored XSS.This issue affects Responsive: from n/a through 5.0.3.
CVE-2024-35651 1 Spiffyplugins 1 Wp Flow Plus 2024-11-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins WP Flow Plus allows Stored XSS.This issue affects WP Flow Plus: from n/a through 5.2.2.
CVE-2024-35634 1 Wow-company 1 Woocommerce - Recent Purchases 2024-11-21 4.9 Medium
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wow-Company Woocommerce – Recent Purchases allows PHP Local File Inclusion.This issue affects Woocommerce – Recent Purchases: from n/a through 1.0.1.
CVE-2024-35629 1 Wow-company 1 Easy Digital Downloads 2024-11-21 9.6 Critical
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Easy Digital Downloads – Recent Purchases allows PHP Remote File Inclusion.This issue affects Easy Digital Downloads – Recent Purchases: from n/a through 1.0.2.
CVE-2024-35628 2024-11-21 4.3 Medium
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web.This issue affects Photo Gallery by 10Web: from n/a through 1.8.25.
CVE-2024-35338 1 Tendacn 2 I29, I29 Firmware 2024-11-21 9.8 Critical
Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root.
CVE-2024-35234 1 Discourse 1 Discourse 2024-11-21 4.2 Medium
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only affects sites with Content Security Polic (CSP) disabled. The problem has been patched in version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch. As a workaround, ensure CSP is enabled on the forum.
CVE-2024-35208 1 Siemens 1 Sinec Traffic Analyzer 2024-11-21 6.3 Medium
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server stored the password in cleartext. This could allow attacker in a privileged position to obtain access passwords.
CVE-2024-35207 1 Siemens 1 Sinec Traffic Analyzer 2024-11-21 7.8 High
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery(CSRF) attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.
CVE-2024-35178 2 Jupyter, Microsoft 2 Jupyter Server, Windows 2024-11-21 7.5 High
The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows machine hosting the Jupyter server, or access other network-accessible machines or 3rd party services using that credential. Or an attacker perform an NTLM relay attack without cracking the credential to gain access to other network-accessible machines. This vulnerability is fixed in 2.14.1.
CVE-2024-35156 1 Ibm 2 Mq, Mq Appliance 2024-11-21 6.5 Medium
IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292766.
CVE-2024-35155 1 Ibm 2 Mq, Mq Appliance 2024-11-21 6.5 Medium
IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765.
CVE-2024-35154 1 Ibm 1 Websphere Application Server 2024-11-21 7.2 High
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Using specially crafted input, the attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 292641.
CVE-2024-35153 1 Ibm 1 Websphere Application Server 2024-11-21 4.8 Medium
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 292640.
CVE-2024-35119 1 Ibm 1 Infosphere Information Server 2024-11-21 5.3 Medium
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 290342.
CVE-2024-35116 1 Ibm 2 Mq, Mq Appliance 2024-11-21 5.9 Medium
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: 290335.
CVE-2024-34824 1 Themeboy 1 Sportspress 2024-11-21 4.3 Medium
Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through 2.7.20.
CVE-2024-34822 1 Wedevs 1 Wemail 2024-11-21 5.3 Medium
Missing Authorization vulnerability in weDevs weMail.This issue affects weMail: from n/a through 1.14.2.
CVE-2024-34802 1 Wpfoxly 1 Adfoxly 2024-11-21 5.3 Medium
Missing Authorization vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5.
CVE-2024-34792 1 Dextaz Ping Project 1 Dextaz Ping 2024-11-21 9.1 Critical
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in dexta Dextaz Ping allows Command Injection.This issue affects Dextaz Ping: from n/a through 0.65.