Total: 263561 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-33109 | 1 Ergophone | 1 Tiptel Ip 286 Firmware | 2024-09-20 | 9.9 Critical |
Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function. | ||||
CVE-2024-46978 | 1 Xwiki | 1 Xwiki-platform | 2024-09-20 | 6.5 Medium |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user to enable/disable it or even delete it. The impact is that the target user might start losing notifications on some pages because of this. This vulnerability is present in XWiki since 13.2-rc-1. This vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0-rc-1. The patch consists of properly checking the rights of the user before performing any action on the filters. Users are advised to upgrade. It's possible to fix the vulnerability manually by editing the document `XWiki.Notifications.Code.NotificationPreferenceService` to apply the changes performed in commit e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4. | ||||
CVE-2023-35803 | 1 Extremenetworks | 29 Ap1130, Ap122, Ap130 and 26 more | 2024-09-20 | 9.8 Critical |
IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow. | ||||
CVE-2024-9009 | 1 Code-projects | 1 Online Quiz Site | 2024-09-20 | 6.3 Medium |
A vulnerability, which was classified as critical, has been found in code-projects Online Quiz Site 1.0. This issue affects some unknown processing of the file showtest.php. The manipulation of the argument subid leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-46970 | 1 Jetbrains | 1 Intellij Idea | 2024-09-20 | 3.3 Low |
In JetBrains IntelliJ IDEA before 2024.1, HTML injection via the project name was possible. | ||||
CVE-2023-41729 | 1 Pressified | 1 Sendpress | 2024-09-20 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions. | ||||
CVE-2023-41692 | 1 Hennessey | 1 Attorney | 2024-09-20 | 7.1 High |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hennessey Digital Attorney theme <= 3 theme. | ||||
CVE-2023-37891 | 1 Optimonk | 1 Optimonk\ | 2024-09-20 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing plugin <= 2.0.4 versions. | ||||
CVE-2023-40009 | 1 Thimpress | 1 Wp Pipes | 2024-09-20 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes plugin <= 1.4.0 versions. | ||||
CVE-2023-32091 | 1 Poeditor | 1 Poeditor | 2024-09-20 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions. | ||||
CVE-2023-27435 | 1 Yasglobal | 1 Http Auth | 2024-09-20 | 6.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin <= 0.3.2 versions. | ||||
CVE-2023-37991 | 1 Monchito | 1 Wp Emoji One | 2024-09-20 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Monchito.Net WP Emoji One plugin <= 0.6.0 versions. | ||||
CVE-2023-38381 | 1 Wp-flybox Project | 1 Wp-flybox | 2024-09-20 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-FlyBox plugin <= 6.46 versions. | ||||
CVE-2022-46841 | 1 Soflyy | 1 Oxygen | 2024-09-20 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Builder plugin <= 4.4 versions. | ||||
CVE-2023-40210 | 1 Sean-barton | 1 Sb Child List | 2024-09-20 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <= 4.5 versions. | ||||
CVE-2023-40202 | 1 Codemiq | 1 Wp Html Mail | 2024-09-20 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin <= 3.4.1 versions. | ||||
CVE-2023-40201 | 1 Futuriowp | 1 Futurio Extra | 2024-09-20 | 6.5 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in FuturioWP Futurio Extra plugin <= 1.8.4 versions leads to activation of arbitrary plugin. | ||||
CVE-2023-40198 | 1 Antsanchez | 1 Easy Cookie Law | 2024-09-20 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Cookie Law plugin <= 3.1 versions. | ||||
CVE-2024-4465 | 1 Nozominetworks | 2 Cmc, Guardian | 2024-09-20 | 6 Medium |
An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make limited changes to the reporting configuration. This could result in a partial loss of data integrity. In Guardian/CMC instances with a reporting configuration, there could be limited Denial of Service (DoS) impacts, as the reports may not reach their intended destination, and there could also be limited information disclosure impacts. Furthermore, modifying the destination SMTP server for the reports could lead to the compromise of external credentials, as they might be sent to an unauthorized server. This could expand the scope of the attack. | ||||
CVE-2024-47085 | 1 Apexsoftcell | 1 Ld Dp Back Office | 2024-09-20 | N/A |
This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters (cCdslClicentcode and cLdClientCode) in the API endpoint. An authenticated remote attacker could exploit this vulnerability by manipulating parameters in the API request body leading to exposure of sensitive information belonging to other users. |