Total
277445 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33524 | 1 Advent | 1 Tamale Rms | 2025-01-08 | 5.3 Medium |
| Advent/SSC Inc. Tamale RMS < 23.1 is vulnerable to Directory Traversal. If one traverses to the affected URL, one enumerates Contact information on the host which contains usernames, e-mail addresses, and other internal information stored within the web app. | ||||
| CVE-2023-33518 | 1 Emoncms | 1 Emoncms | 2025-01-08 | 5.3 Medium |
| emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request. | ||||
| CVE-2023-33410 | 1 Minical | 1 Minical | 2025-01-08 | 8.8 High |
| Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field in the Accounting module that is used to construct a CSV file. | ||||
| CVE-2023-33409 | 1 Minical | 1 Minical | 2025-01-08 | 6.5 Medium |
| Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php. | ||||
| CVE-2024-30041 | 1 Microsoft | 1 Bing Search | 2025-01-08 | 5.4 Medium |
| Microsoft Bing Search Spoofing Vulnerability | ||||
| CVE-2024-1537 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2025-01-08 | 6.4 Medium |
| The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Data Table widget in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-1236 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2025-01-08 | 6.4 Medium |
| The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Filterable Controls label icon parameter in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-1172 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2025-01-08 | 5.4 Medium |
| The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-1171 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2025-01-08 | 5.4 Medium |
| The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-0516 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-01-08 | 5.3 Medium |
| The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wpr_update_form_action_meta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated attackers to update certain metadata. | ||||
| CVE-2024-0515 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-01-08 | 4.3 Medium |
| The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_compare function. This makes it possible for unauthenticated attackers to remove items from user compare lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-30042 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-01-08 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2024-0514 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-01-08 | 4.3 Medium |
| The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_compare function. This makes it possible for unauthenticated attackers to add items to user compare lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-0513 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-01-08 | 4.3 Medium |
| The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_wishlist function. This makes it possible for unauthenticated attackers to remove items from user wishlists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-1625 | 1 Lunary | 1 Lunary | 2025-01-08 | 6.5 Medium |
| An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. The vulnerability is due to insufficient authorization checks in the project deletion endpoint, where the endpoint fails to verify if the project ID provided in the request belongs to the requesting user's organization. As a result, an attacker can delete projects belonging to any organization by sending a crafted DELETE request with the target project's ID. This issue affects the project deletion functionality implemented in the projects.delete route. | ||||
| CVE-2024-30043 | 1 Microsoft | 1 Sharepoint Server | 2025-01-08 | 6.5 Medium |
| Microsoft SharePoint Server Information Disclosure Vulnerability | ||||
| CVE-2022-46088 | 1 Oretnom23 | 1 Online Flight Booking Management System | 2025-01-08 | 6.1 Medium |
| Online Flight Booking Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the feedback form. | ||||
| CVE-2024-23328 | 1 Dataease | 1 Dataease | 2025-01-08 | 9.1 Critical |
| Dataease is an open source data visualization analysis tool. A deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The location of the vulnerability code is `core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java.` The blacklist of mysql jdbc attacks can be bypassed and attackers can further exploit it for deserialized execution or reading arbitrary files. This vulnerability is patched in 1.18.15 and 2.3.0. | ||||
| CVE-2024-0512 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-01-08 | 4.3 Medium |
| The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_wishlist function. This makes it possible for unauthenticated attackers to add items to user wishlists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-30044 | 1 Microsoft | 1 Sharepoint Server | 2025-01-08 | 7.2 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||