Total
263540 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41733 | 1 Yydevelopment | 1 Back To The Top Button | 2024-09-20 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in YYDevelopment Back To The Top Button plugin <= 2.1.5 versions. | ||||
| CVE-2024-40125 | 1 Closedlooptechnology | 1 Cless Server | 2024-09-20 | 9.8 Critical |
| An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint. | ||||
| CVE-2024-33109 | 1 Ergophone | 1 Tiptel Ip 286 Firmware | 2024-09-20 | 9.9 Critical |
| Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function. | ||||
| CVE-2024-46978 | 1 Xwiki | 1 Xwiki-platform | 2024-09-20 | 6.5 Medium |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start loosing notifications on some pages because of this. This vulnerability is present in XWiki since 13.2-rc-1. This vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0-rc-1. The patch consists in checking properly the rights of the user before performing any action on the filters. Users are advised to upgrade. It's possible to fix manually the vulnerability by editing the document `XWiki.Notifications.Code.NotificationPreferenceService` to apply the changes performed in commit e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4. | ||||
| CVE-2023-35803 | 1 Extremenetworks | 29 Ap1130, Ap122, Ap130 and 26 more | 2024-09-20 | 9.8 Critical |
| IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow. | ||||
| CVE-2024-9009 | 1 Code-projects | 1 Online Quiz Site | 2024-09-20 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in code-projects Online Quiz Site 1.0. This issue affects some unknown processing of the file showtest.php. The manipulation of the argument subid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-46970 | 1 Jetbrains | 1 Intellij Idea | 2024-09-20 | 3.3 Low |
| In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible | ||||
| CVE-2023-41729 | 1 Pressified | 1 Sendpress | 2024-09-20 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions. | ||||
| CVE-2023-41692 | 1 Hennessey | 1 Attorney | 2024-09-20 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hennessey Digital Attorney theme <= 3 theme. | ||||
| CVE-2023-37891 | 1 Optimonk | 1 Optimonk\ | 2024-09-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing plugin <= 2.0.4 versions. | ||||
| CVE-2023-40009 | 1 Thimpress | 1 Wp Pipes | 2024-09-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes plugin <= 1.4.0 versions. | ||||
| CVE-2023-32091 | 1 Poeditor | 1 Poeditor | 2024-09-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions. | ||||
| CVE-2023-27435 | 1 Yasglobal | 1 Http Auth | 2024-09-20 | 6.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin <= 0.3.2 versions. | ||||
| CVE-2023-37991 | 1 Monchito | 1 Wp Emoji One | 2024-09-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Monchito.Net WP Emoji One plugin <= 0.6.0 versions. | ||||
| CVE-2023-38381 | 1 Wp-flybox Project | 1 Wp-flybox | 2024-09-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-FlyBox plugin <= 6.46 versions. | ||||
| CVE-2022-46841 | 1 Soflyy | 1 Oxygen | 2024-09-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Builder plugin <= 4.4 versions. | ||||
| CVE-2023-40210 | 1 Sean-barton | 1 Sb Child List | 2024-09-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <= 4.5 versions. | ||||
| CVE-2023-40202 | 1 Codemiq | 1 Wp Html Mail | 2024-09-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin <= 3.4.1 versions. | ||||
| CVE-2023-40201 | 1 Futuriowp | 1 Futurio Extra | 2024-09-20 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in FuturioWP Futurio Extra plugin <= 1.8.4 versions leads to activation of arbitrary plugin. | ||||
| CVE-2023-40198 | 1 Antsanchez | 1 Easy Cookie Law | 2024-09-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Cookie Law plugin <= 3.1 versions. | ||||