Total
281841 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-48632 | 1 Dlink | 2 Dir-878 Firmware, Dir-882 Firmware | 2024-10-18 | 8 High |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the LocalIPAddress, TCPPorts, and UDPPorts parameters in the SetPortForwardingSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | ||||
CVE-2024-48633 | 1 Dlink | 2 Dir-878 Firmware, Dir-882 Firmware | 2024-10-18 | 8 High |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain multiple command injection vulnerabilities via the ExternalPort, InternalPort, ProtocolNumber, and LocalIPAddress parameters in the SetVirtualServerSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | ||||
CVE-2024-48635 | 1 Dlink | 2 Dir-878 Firmware, Dir-882 Firmware | 2024-10-18 | 8 High |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:2/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | ||||
CVE-2024-48636 | 1 Dlink | 2 Dir-878 Firmware, Dir-882 Firmware | 2024-10-18 | 8 High |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:0/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | ||||
CVE-2024-48637 | 1 Dlink | 2 Dir-878 Firmware, Dir-882 Firmware | 2024-10-18 | 8 High |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the VLANID:1/VID parameter in the SetVLANSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | ||||
CVE-2024-48638 | 1 Dlink | 2 Dir-878 Firmware, Dir-882 Firmware | 2024-10-18 | 8 High |
D-Link DIR_882_FW130B06 and DIR_878 DIR_878_FW130B08 were discovered to contain a command injection vulnerability via the SubnetMask parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request. | ||||
CVE-2024-49235 | 1 Videowhisper | 1 Contact Forms Live Support Crm Video Messages Plugin | 2024-10-18 | 7.5 High |
Insertion of Sensitive Information Into Sent Data vulnerability in VideoWhisper.Com Contact Forms, Live Support, CRM, Video Messages allows Retrieve Embedded Sensitive Data.This issue affects Contact Forms, Live Support, CRM, Video Messages: from n/a through 1.10.2. | ||||
CVE-2024-49246 | 2024-10-18 | 9.3 Critical | ||
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anand23 Ajax Rating with Custom Login allows SQL Injection.This issue affects Ajax Rating with Custom Login: from n/a through 1.1. | ||||
CVE-2024-49248 | 2024-10-18 | 7.1 High | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Igor Funa Ad Inserter allows Reflected XSS.This issue affects Ad Inserter: from n/a through 2.7.37. | ||||
CVE-2024-49261 | 2024-10-18 | 6.5 Medium | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through 2.23.0. | ||||
CVE-2024-49262 | 2024-10-18 | 6.5 Medium | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wepic Country Flags for Elementor allows Stored XSS.This issue affects Country Flags for Elementor: from n/a through 1.0.1. | ||||
CVE-2024-49263 | 2024-10-18 | 6.5 Medium | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Takashi Matsuyama My Favorites allows Stored XSS.This issue affects My Favorites: from n/a through 1.4.1. | ||||
CVE-2024-49277 | 2024-10-18 | 6.5 Medium | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodeAstrology Team UltraAddons Elementor Lite allows Stored XSS.This issue affects UltraAddons Elementor Lite: from n/a through 1.1.8. | ||||
CVE-2024-49278 | 2024-10-18 | 6.5 Medium | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in omnipressteam Omnipress allows Stored XSS.This issue affects Omnipress: from n/a through 1.4.3. | ||||
CVE-2024-49280 | 2024-10-18 | 6.5 Medium | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Weblizar Lightbox slider – Responsive Lightbox Gallery allows Stored XSS.This issue affects Lightbox slider – Responsive Lightbox Gallery: from n/a through 1.10.0. | ||||
CVE-2024-49281 | 2024-10-18 | 6.5 Medium | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NinjaTeam Click to Chat – WP Support All-in-One Floating Widget allows Stored XSS.This issue affects Click to Chat – WP Support All-in-One Floating Widget: from n/a through 2.3.3. | ||||
CVE-2024-49284 | 1 Bogdanfix | 1 Wp Sendfox | 2024-10-18 | 5.3 Medium |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BogdanFix WP SendFox allows Retrieve Embedded Sensitive Data.This issue affects WP SendFox: from n/a through 1.3.1. | ||||
CVE-2024-49285 | 1 Moridrin | 1 Ssv Mailchimp | 2024-10-18 | 7.5 High |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Moridrin SSV MailChimp allows PHP Local File Inclusion.This issue affects SSV MailChimp: from n/a through 3.1.5. | ||||
CVE-2024-49289 | 2024-10-18 | 6.5 Medium | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gora Tech LLC Cooked Pro allows Stored XSS.This issue affects Cooked Pro: from n/a before 1.8.0. | ||||
CVE-2024-49291 | 1 Boxystudio | 1 Cooked | 2024-10-18 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This issue affects Cooked Pro: from n/a before 1.8.0. |