Search Results (37092 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-30539 1 Getawesomesupport 1 Awesome Support 2024-11-21 5.3 Medium
Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.7.
CVE-2024-30538 1 Delucks 1 Delucks Seo 2024-11-21 5.3 Medium
Missing Authorization vulnerability in DELUCKS GmbH DELUCKS SEO.This issue affects DELUCKS SEO: from n/a through 2.5.4.
CVE-2024-30537 1 Wpclever 1 Wpc Badge Management For Woocommerce 2024-11-21 4.3 Medium
Missing Authorization vulnerability in WPClever WPC Badge Management for WooCommerce.This issue affects WPC Badge Management for WooCommerce: from n/a through 2.4.0.
CVE-2024-30528 1 Spiffyplugins 1 Spiffy Calendar 2024-11-21 5.4 Medium
Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through 4.9.10.
CVE-2024-30525 1 Moveaddons 1 Move Addons For Elementor 2024-11-21 5.3 Medium
Missing Authorization vulnerability in moveaddons Move Addons for Elementor.This issue affects Move Addons for Elementor: from n/a through 1.2.9.
CVE-2024-30517 1 Slicedinvoices 1 Sliced Invoices 2024-11-21 4.3 Medium
Missing Authorization vulnerability in Sliced Invoices.This issue affects Sliced Invoices: from n/a through 3.9.2.
CVE-2024-30515 1 Pixelite 1 Events Manager 2024-11-21 4.3 Medium
Missing Authorization vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.6.4.
CVE-2024-30512 1 Weformspro 1 Weforms 2024-11-21 3.7 Low
Missing Authorization vulnerability in weForms.This issue affects weForms: from n/a through 1.6.20.
CVE-2024-30484 1 Risethemes 1 Rt Easy Builder 2024-11-21 4.3 Medium
Missing Authorization vulnerability in RT Easy Builder – Advanced addons for Elementor.This issue affects RT Easy Builder – Advanced addons for Elementor: from n/a through 2.0.
CVE-2024-30470 1 Yithemes 1 Woocommerce Account Funds 2024-11-21 6.5 Medium
Missing Authorization vulnerability in YITH YITH WooCommerce Account Funds Premium.This issue affects YITH WooCommerce Account Funds Premium: from n/a through 1.33.0.
CVE-2024-30467 1 Wpdeveloper 1 Essential Blocks 2024-11-21 6.5 Medium
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg.This issue affects Essential Blocks for Gutenberg: from n/a through 4.4.9.
CVE-2024-30466 1 Onthegosystems 1 Woocommerce Multilingual \& Multicurrency 2024-11-21 5.4 Medium
Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency.This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.4.
CVE-2024-30465 1 Pagelayer 1 Pagelayer 2024-11-21 6.5 Medium
Missing Authorization vulnerability in Pagelayer Team PageLayer.This issue affects PageLayer: from n/a through 1.8.1.
CVE-2024-30157 1 Mitel 1 Micollab 2024-11-21 7.2 High
A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary database and management operations.
CVE-2024-2879 1 Layerslider 1 Layerslider 2024-11-21 9.8 Critical
The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2024-2743 1 Gitlab 1 Gitlab 2024-11-21 5.3 Medium
An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables.
CVE-2024-2622 2024-11-21 6.3 Medium
A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318. It has been classified as critical. This affects an unknown part of the file /api/client/editemedia.php. The manipulation of the argument number/enterprise_uuid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257199.
CVE-2024-2621 2024-11-21 6.3 Medium
A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwd_update.php. The manipulation of the argument uuid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257198 is the identifier assigned to this vulnerability.
CVE-2024-2620 2024-11-21 6.3 Medium
A vulnerability has been found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this vulnerability is an unknown functionality of the file api/client/down_file.php. The manipulation of the argument uuid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257197 was assigned to this vulnerability.
CVE-2024-2566 2024-11-21 7.3 High
A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240313. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file api/client/get_extension_yl.php. The manipulation of the argument imei leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257065 was assigned to this vulnerability.