Total
277601 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-43156 | 2024-08-13 | 7.1 High | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Reflected XSS.This issue affects Post Grid Master: from n/a through 3.4.10. | ||||
CVE-2024-43127 | 2024-08-13 | 7.1 High | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPFactory Products, Order & Customers Export for WooCommerce allows Reflected XSS.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through 2.0.11. | ||||
CVE-2024-7616 | 1 Edimax | 4 Ic-5150w, Ic-5150w Firmware, Ic-6220dc and 1 more | 2024-08-13 | 5.5 Medium |
A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcam_cgi. The manipulation of the argument host leads to command injection. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-43124 | 2024-08-13 | 6.5 Medium | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Iqonic Design Graphina allows Stored XSS.This issue affects Graphina: from n/a through 1.8.10. | ||||
CVE-2024-43233 | 2024-08-13 | 7.1 High | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BannerSky BSK Forms Blacklist allows Reflected XSS.This issue affects BSK Forms Blacklist: from n/a through 3.8. | ||||
CVE-2024-43213 | 2024-08-13 | 7.1 High | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MultiVendorX WC Marketplace allows Reflected XSS.This issue affects WC Marketplace: from n/a through 4.1.17. | ||||
CVE-2024-43151 | 2024-08-13 | 6.5 Medium | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder – Lite allows Stored XSS.This issue affects Ultimate Addons for Beaver Builder – Lite: from n/a through 1.5.9. | ||||
CVE-2024-6997 | 1 Google | 1 Chrome | 2024-08-13 | 8.8 High |
Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2024-43148 | 2024-08-13 | 5.9 Medium | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bPlugins StreamCast allows Stored XSS.This issue affects StreamCast: from n/a through 2.2.3. | ||||
CVE-2024-7408 | 1 Airveda | 2 Pm2.5 Pm10 Monitor, Pm2.5 Pm10 Monitor Firmware | 2024-08-13 | 6.5 Medium |
This vulnerability exists in Airveda Air Quality Monitor PM2.5 PM10 due to transmission of sensitive information in plain text during AP pairing mode. An attacker in close proximity could exploit this vulnerability by capturing Wi-Fi traffic of Airveda-AP. Successful exploitation of this vulnerability could allow the attacker to cause Evil Twin attack on the targeted system. | ||||
CVE-2024-37924 | 1 Wp2speed | 1 Wp2speed | 2024-08-13 | 5.3 Medium |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wp2speed WP2Speed Faster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP2Speed Faster: from n/a through 1.0.1. | ||||
CVE-2024-38742 | 2024-08-13 | 5.3 Medium | ||
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in MBE Worldwide S.P.A. MBE eShip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MBE eShip: from n/a through 2.1.2. | ||||
CVE-2024-39642 | 2024-08-13 | 6.5 Medium | ||
Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LearnPress: from n/a through 4.2.6.8.2. | ||||
CVE-2024-43164 | 2024-08-13 | 6.5 Medium | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Blockspare allows Stored XSS.This issue affects Blockspare: from n/a through 3.2.0. | ||||
CVE-2024-43131 | 2024-08-13 | 7.5 High | ||
Incorrect Authorization vulnerability in WPWeb Docket (WooCommerce Collections / Wishlist / Watchlist) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Docket (WooCommerce Collections / Wishlist / Watchlist): from n/a before 1.7.0. | ||||
CVE-2024-6724 | 1 Magic-post-thumbnail | 1 Generate Images | 2024-08-13 | 4.8 Medium |
The Generate Images WordPress plugin before 5.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
CVE-2024-6158 | 1 Tiptoppress | 2 Category Posts, Term-and-category-based-posts | 2024-08-13 | 4.8 Medium |
The Category Posts Widget WordPress plugin before 4.9.17, term-and-category-based-posts-widget WordPress plugin before 4.9.13 does not validate and escape some of its "Category Posts" widget settings before outputting them back in a page/post where the Widget is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
CVE-2024-42632 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | 8.8 High |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/page/add. | ||||
CVE-2024-42630 | 2 Frog Cms Project, Frogcms Project | 2 Frog Cms, Frogcms | 2024-08-13 | 8.8 High |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_file. | ||||
CVE-2024-42626 | 1 Frogcms Project | 1 Frogcms | 2024-08-13 | 8.8 High |
FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/snippet/add. |