Total
277601 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-38795 | 1 Cridio | 1 Listingpro | 2024-08-30 | 9.3 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection. This issue affects ListingPro: from n/a through 2.9.4. | ||||
CVE-2024-39620 | 1 Cridio | 1 Listingpro | 2024-08-30 | 8.5 High |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro allows SQL Injection. This issue affects ListingPro: from n/a through 2.9.4. | ||||
CVE-2024-39622 | 1 Cridio | 1 Listingpro | 2024-08-30 | 9.3 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro. This issue affects ListingPro: from n/a through 2.9.4. | ||||
CVE-2024-43954 | 1 Themeum | 1 Droip | 2024-08-30 | 6.3 Medium |
Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Droip: from n/a through 1.1.1. | ||||
CVE-2024-43955 | 1 Themeum | 1 Droip | 2024-08-30 | 10 Critical |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation. This issue affects Droip: from n/a through 1.1.1. | ||||
CVE-2024-43950 | 1 Nextbricks | 1 Bricksore | 2024-08-30 | 7.1 High |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nextbricks Brickscore allows Stored XSS. This issue affects Brickscore: from n/a through 1.4.2.5. | ||||
CVE-2024-44070 | 2 Frrouting, Redhat | 2 Frrouting, Enterprise Linux | 2024-08-30 | 9.8 Critical |
An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value. | ||||
CVE-2024-43951 | 1 Cryoutcreations | 1 Tempera | 2024-08-30 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Tempera allows Stored XSS. This issue affects Tempera: from n/a through 1.8.2. | ||||
CVE-2024-43952 | 1 Cryoutcreations | 1 Esotera | 2024-08-30 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Esotera allows Stored XSS. This issue affects Esotera: from n/a through 1.2.5.1. | ||||
CVE-2024-43953 | 1 Wpbakery | 1 Page Builder | 2024-08-30 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Classic Addons Classic Addons – WPBakery Page Builder allows Stored XSS. This issue affects Classic Addons – WPBakery Page Builder: from n/a through 3.0. | ||||
CVE-2024-43958 | 1 Gianniporto | 1 Intothedark | 2024-08-30 | 7.1 High |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gianni Porto IntoTheDark allows Reflected XSS. This issue affects IntoTheDark: from n/a through 1.0.5. | ||||
CVE-2024-8064 | | | 2024-08-30 | N/A |
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
CVE-2024-7712 | | | 2024-08-30 | N/A |
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
CVE-2024-7051 | | | 2024-08-30 | N/A |
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
CVE-2024-6331 | 1 Stitionai | 1 Devika | 2024-08-30 | 7.5 High |
stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection. The integration of Google Gemini 1.0 Pro with `HarmBlockThreshold.BLOCK_NONE` for `HarmCategory.HARM_CATEGORY_HATE_SPEECH` and `HarmCategory.HARM_CATEGORY_HARASSMENT` in `safety_settings` disables content protection. This allows malicious commands to be executed, such as reading sensitive file contents like `/etc/passwd`. | ||||
CVE-2024-43960 | 1 Pagebuilderaddons | 1 Web And Woocommerce Addons For Wpbakery Builder | 2024-08-30 | 5.9 Medium |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Page Builder Addons Web and WooCommerce Addons for WPBakery Builder allows Stored XSS. This issue affects Web and WooCommerce Addons for WPBakery Builder: from n/a through 1.4.6. | ||||
CVE-2024-43963 | 1 Waspthemes | 2 Yellowpencil, Yellowpencil Visual Css Style Editor | 2024-08-30 | 7.1 High |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WaspThemes YellowPencil Visual CSS Style Editor allows Reflected XSS. This issue affects YellowPencil Visual CSS Style Editor: from n/a through 7.6.1. | ||||
CVE-2024-45436 | 1 Ollama | 1 Ollama | 2024-08-30 | 9.1 Critical |
extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory. | ||||
CVE-2024-41918 | 1 Rakuten | 1 Ichiba | 2024-08-30 | 3.1 Low |
'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. An arbitrary site may be displayed on the WebView of the product via Intent from another application installed on the user's device. As a result, the user may be redirected to an unauthorized site, and the user may become a victim of a phishing attack. | ||||
CVE-2024-41236 | 2 Kashipara, Lopalopa | 2 Responsive School Management System, Responsive School Management System | 2024-08-30 | 5.4 Medium |
A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page. | ||||