Total
276737 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33179 | 1 Xibosignage | 1 Xibo | 2025-01-09 | 6.5 Medium |
| Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.5 in the `nameFilter` function used throughout the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values for logical operators. Users should upgrade to version 3.3.5 which fixes this issue. There are no known workarounds aside from upgrading. | ||||
| CVE-2023-33180 | 1 Xibosignage | 1 Xibo | 2025-01-09 | 6.5 Medium |
| Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.2 in the `/display/map` API route inside the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values in to the `bounds` parameter. Users should upgrade to version 3.3.5, which fixes this issue. There are no known workarounds aside from upgrading. | ||||
| CVE-2024-48806 | 2025-01-09 | N/A | ||
| Buffer Overflow vulnerability in Neat Board NFC v.1.20240620.0015 allows a physically proximate attackers to escalate privileges via a crafted payload to the password field | ||||
| CVE-2024-13312 | 2025-01-09 | N/A | ||
| Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9. | ||||
| CVE-2024-13311 | 2025-01-09 | N/A | ||
| Vulnerability in Drupal Allow All File Extensions for file fields.This issue affects Allow All File Extensions for file fields: *.*. | ||||
| CVE-2024-13310 | 2025-01-09 | N/A | ||
| Vulnerability in Drupal Git Utilities for Drupal.This issue affects Git Utilities for Drupal: *.*. | ||||
| CVE-2024-13309 | 2025-01-09 | N/A | ||
| Improper Authentication vulnerability in Drupal Login Disable allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Disable: from 2.0.0 before 2.1.1. | ||||
| CVE-2024-13308 | 2025-01-09 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Browser Back Button allows Cross-Site Scripting (XSS).This issue affects Browser Back Button: from 1.0.0 before 2.0.2. | ||||
| CVE-2024-13300 | 2025-01-09 | N/A | ||
| Vulnerability in Drupal Print Anything.This issue affects Print Anything: *.*. | ||||
| CVE-2024-13299 | 2025-01-09 | N/A | ||
| Vulnerability in Drupal Megamenu Framework.This issue affects Megamenu Framework: *.*. | ||||
| CVE-2024-13290 | 2025-01-09 | N/A | ||
| Incorrect Authorization vulnerability in Drupal OhDear Integration allows Forceful Browsing.This issue affects OhDear Integration: from 0.0.0 before 2.0.4. | ||||
| CVE-2024-13283 | 2025-01-09 | 6.1 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS).This issue affects Facets: from 0.0.0 before 2.0.9. | ||||
| CVE-2024-13273 | 2025-01-09 | 5.4 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS).This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 before 13.0.0-alpha11. | ||||
| CVE-2024-13262 | 2025-01-09 | 4.8 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal View Password allows Cross-Site Scripting (XSS).This issue affects View Password: from 0.0.0 before 6.0.4. | ||||
| CVE-2024-13252 | 2025-01-09 | 5.4 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal TacJS allows Cross-Site Scripting (XSS).This issue affects TacJS: from 0.0.0 before 6.5.0. | ||||
| CVE-2024-13247 | 2025-01-09 | 4.8 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Coffee allows Cross-Site Scripting (XSS).This issue affects Coffee: from 0.0.0 before 1.4.0. | ||||
| CVE-2024-13245 | 2025-01-09 | 5.4 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor 4 LTS - WYSIWYG HTML editor allows Cross-Site Scripting (XSS).This issue affects CKEditor 4 LTS - WYSIWYG HTML editor: from 1.0.0 before 1.0.1. | ||||
| CVE-2024-13238 | 2025-01-09 | 5.4 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Typogrify allows Cross-Site Scripting (XSS).This issue affects Typogrify: from 0.0.0 before 1.3.0. | ||||
| CVE-2024-13237 | 2025-01-09 | 5.4 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal File Entity (fieldable files) allows Cross-Site Scripting (XSS).This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.38. | ||||
| CVE-2024-12806 | 2025-01-09 | 7.5 High | ||
| A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file. | ||||