Total
263457 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25774 | 2024-09-18 | 4.8 Medium | ||
| Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic. Users could inject malicious code into the notification when saving Dashboards. | ||||
| CVE-2022-25769 | 1 Mautic | 1 Mautic | 2024-09-18 | 7.2 High |
| ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path. | ||||
| CVE-2024-47058 | 2024-09-18 | 2.9 Low | ||
| With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user's current session. | ||||
| CVE-2024-47050 | 2024-09-18 | 5.4 Medium | ||
| Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable. | ||||
| CVE-2024-46377 | 2024-09-18 | N/A | ||
| Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file rental/admin_class.php. | ||||
| CVE-2024-46376 | 2024-09-18 | N/A | ||
| Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the update_account() function of the file rental/admin_class.php. | ||||
| CVE-2024-46375 | 2024-09-18 | N/A | ||
| Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the signup() function of the file rental/admin_class.php. | ||||
| CVE-2024-46374 | 2024-09-18 | N/A | ||
| Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_category() function of the file rental/admin_class.php. | ||||
| CVE-2024-46373 | 2024-09-18 | N/A | ||
| Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend. | ||||
| CVE-2024-46372 | 2024-09-18 | N/A | ||
| DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module. | ||||
| CVE-2024-40568 | 2024-09-18 | N/A | ||
| Buffer Overflow vulnerability in btstack mesh commit before v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c58 allows a remote attacker to execute arbitrary code via the pb_adv_handle_tranaction_cont function in the src/mesh/pb_adv.c component | ||||
| CVE-2023-30464 | 2024-09-18 | N/A | ||
| CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack. | ||||
| CVE-2022-25768 | 2024-09-18 | 7 High | ||
| The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required. | ||||
| CVE-2021-38133 | 1 Microfocus | 1 Edirectory | 2024-09-18 | 7.4 High |
| Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000. | ||||
| CVE-2021-38132 | 2 Microfocus, Opentext | 2 Edirectory, Edirectory | 2024-09-18 | 5.3 Medium |
| Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000. | ||||
| CVE-2021-38131 | 1 Microfocus | 1 Edirectory | 2024-09-18 | 5.4 Medium |
| Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.5.0000. | ||||
| CVE-2022-44758 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2024-09-18 | 6.5 Medium |
| BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized. | ||||
| CVE-2023-42782 | 1 Fortinet | 3 Fortianalyzer, Fortianalyzer-bigdata, Fortimanager | 2024-09-18 | 5 Medium |
| A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number. | ||||
| CVE-2023-41660 | 1 Wpsynchro | 1 Wp Synchro | 2024-09-18 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WPSynchro WP Synchro plugin <= 1.9.1 versions. | ||||
| CVE-2023-41667 | 1 Ulfbenjaminsson | 1 Wp-dtree | 2024-09-18 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions. | ||||