Total
277606 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7032 | 1 Zaytech | 1 Smart Online Order For Clover | 2024-08-31 | 6.5 Medium |
| The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'moo_deactivateAndClean' function in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to deactivate the plugin and drop all plugin tables from the database. | ||||
| CVE-2024-7030 | 1 Zaytech | 1 Smart Online Order For Clover | 2024-08-31 | 4.3 Medium |
| The Smart Online Order for Clover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update product and category descriptions, category titles and images, and sort order. | ||||
| CVE-2024-42939 | 1 Yzncms | 1 Yzncms | 2024-08-31 | 4.6 Medium |
| A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the configured remarks text field. | ||||
| CVE-2022-4538 | 2024-08-30 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2022-4528 | 2024-08-30 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2022-4412 | 2024-08-30 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2024-42379 | 2024-08-30 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2022-4540 | 2024-08-30 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2022-4530 | 2024-08-30 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2022-4424 | 2024-08-30 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error and is not a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2024-42337 | 1 Cyberark | 1 Identity | 2024-08-30 | 4.3 Medium |
| CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2024-42338 | 1 Cyberark | 1 Identity | 2024-08-30 | 4.3 Medium |
| CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2024-42340 | 1 Cyberark | 1 Identity | 2024-08-30 | 8.3 High |
| CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security | ||||
| CVE-2024-42339 | 1 Cyberark | 1 Identity | 2024-08-30 | 4.3 Medium |
| CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2024-45488 | 1 Safeguard | 1 Privileged Passwords | 2024-08-30 | 9.8 Critical |
| One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations (VMware or HyperV). The fixed versions are 7.0.5.1 LTS, 7.4.2, and 7.5.2. | ||||
| CVE-2024-3673 | 1 Salephpscripts | 1 Web Directory Free | 2024-08-30 | 9.1 Critical |
| The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues. | ||||
| CVE-2024-38869 | 1 Zohocorp | 4 Manageengine Endpoint Central, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2024-08-30 | 8.3 High |
| Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25. | ||||
| CVE-2024-41889 | 1 Pimax | 2 Pitool, Play | 2024-08-30 | 8.8 High |
| Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker. | ||||
| CVE-2024-41720 | 1 Zexelon | 2 Zwx-2000csw2-hn, Zwx-2000csw2-hn Firmware | 2024-08-30 | 8.0 High |
| Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device. | ||||
| CVE-2024-39838 | 1 Zexelon | 2 Zwx-2000csw2-hn, Zwx-2000csw2-hn Firmware | 2024-08-30 | 8.8 High |
| ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device. | ||||