Total
263547 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9033 | 1 Sourcecodester | 1 Best House Rental Management System | 2024-09-20 | 3.5 Low |
| A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_category. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8862 | 2 H2o, H2oai | 2 H2o, H2o-3 | 2024-09-20 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in h2oai h2o-3 3.46.0.4. This issue affects the function getConnectionSafe of the file /dtale/chart-data/1 of the component JDBC Connection Handler. The manipulation of the argument query leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-43976 | 1 Catonetworks | 1 Cato Client | 2024-09-20 | 8.1 High |
| An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate privileges and winning the race condition (TOCTOU) via the PrivilegedHelperTool component. | ||||
| CVE-2024-46999 | 1 Zitadel | 1 Zitadel | 2024-09-20 | 7.3 High |
| Zitadel is an open source identity management platform. ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants were still provided in token, which could lead to unauthorized access to applications and resources. Additionally, the management and auth API always returned the state as active or did not provide any information about the state. Versions 2.62.1, 2.61.1, 2.60.2, 2.59.3, 2.58.5, 2.57.5, 2.56.6, 2.55.8, and 2.54.10 have been released which address this issue. Users are advised to upgrade. Users unable to upgrade may explicitly remove the user grants to make sure the user does not get access anymore. | ||||
| CVE-2024-8863 | 2 Aimhubio, Aimstack | 2 Aim, Aim | 2024-09-20 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in aimhubio aim up to 3.24. Affected is the function dangerouslySetInnerHTML of the file textbox.tsx of the component Text Explorer. The manipulation of the argument query leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-44973 | 1 Emlog | 1 Emlog | 2024-09-20 | 9.8 Critical |
| An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2023-41658 | 1 I13websolution | 1 Web Solution Photo Gallery Slideshow \& Masonry Tiled Gallery | 2024-09-20 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery plugin <= 1.0.13 versions. | ||||
| CVE-2023-41666 | 1 Stockdio | 1 Stock Quotes List | 2024-09-20 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Stockdio Stock Quotes List plugin <= 2.9.9 versions. | ||||
| CVE-2024-47000 | 1 Zitadel | 1 Zitadel | 2024-09-20 | 8.1 High |
| Zitadel is an open source identity management platform. ZITADEL's user account deactivation mechanism did not work correctly with service accounts. Deactivated service accounts retained the ability to request tokens, which could lead to unauthorized access to applications and resources. Versions 2.62.1, 2.61.1, 2.60.2, 2.59.3, 2.58.5, 2.57.5, 2.56.6, 2.55.8, and 2.54.10 have been released which address this issue. Users are advised t upgrade. Users unable to upgrade may instead of deactivating the service account, consider creating new credentials and replacing the old ones wherever they are used. This effectively prevents the deactivated service account from being utilized. Be sure to revoke all existing authentication keys associated with the service account and to rotate the service account's password. | ||||
| CVE-2024-9030 | 1 Codecanyon | 1 Crmgo Saas | 2024-09-20 | 3.5 Low |
| A vulnerability classified as problematic was found in CodeCanyon CRMGo SaaS 7.2. This vulnerability affects unknown code of the file /deal/{note_id}/note. The manipulation of the argument notes leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-44145 | 1 Jesweb | 1 Anchor Episodes Index \(spotify For Podcasters\) | 2024-09-20 | 6.5 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jesweb.Dev Anchor Episodes Index (Spotify for Podcasters) plugin <= 2.1.7 versions. | ||||
| CVE-2023-44144 | 1 Dreamfoxmedia | 1 Payment Gateway Per Product For Woocommerce | 2024-09-20 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox Payment gateway per Product for WooCommerce plugin <= 3.2.7 versions. | ||||
| CVE-2024-8866 | 2 Autocms, Autocms Project | 2 Autocms, Autocms | 2024-09-20 | 4.3 Medium |
| A vulnerability was found in AutoCMS 5.4. It has been classified as problematic. This affects an unknown part of the file /admin/robot.php. The manipulation of the argument sidebar leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-28372 | 1 Purestorage | 1 Purity | 2024-09-20 | 6.5 Medium |
| A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock. | ||||
| CVE-2023-26236 | 1 Watchguard | 8 Edr, Edr Firmware, Epdr and 5 more | 2024-09-20 | 7.8 High |
| An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on Windows by sending a crafted message to a named pipe. | ||||
| CVE-2023-41687 | 1 Goods Catalog Project | 1 Goods Catalog | 2024-09-20 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Irina Sokolovskaya Goods Catalog plugin <= 2.4.1 versions. | ||||
| CVE-2023-44263 | 1 Riyaz | 1 Social Metrics | 2024-09-20 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Riyaz Social Metrics plugin <= 2.2 versions. | ||||
| CVE-2023-44239 | 1 Walkswithme | 1 Social Share On Image Hover | 2024-09-20 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jobin Jose WWM Social Share On Image Hover plugin <= 2.2 versions. | ||||
| CVE-2023-44244 | 1 Fooplugins | 1 Foogallery | 2024-09-20 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.44 versions. | ||||
| CVE-2023-44477 | 1 Boxystudio | 1 Cooked | 2024-09-20 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Boxy Studio Cooked plugin <= 1.7.13 versions. | ||||