Total
277667 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56030 | 2025-01-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10CentMail allows Reflected XSS.This issue affects 10CentMail: from n/a through 2.1.50. | ||||
| CVE-2024-56029 | 2025-01-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dreamwinner Easy Language Switcher allows Reflected XSS.This issue affects Easy Language Switcher: from n/a through 1.0. | ||||
| CVE-2024-1703 | 1 Crmeb | 1 Crmeb | 2025-01-03 | 3.5 Low |
| A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile of the file /adminapi/system/file/openfile. The manipulation leads to absolute path traversal. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254391. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-1704 | 1 Crmeb | 1 Crmeb | 2025-01-03 | 5.5 Medium |
| A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been declared as critical. This vulnerability affects the function save/delete of the file /adminapi/system/crud. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254392. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-6943 | 1 Crmeb | 1 Crmeb | 2025-01-03 | 6.3 Medium |
| A vulnerability has been found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this vulnerability is the function downloadImage of the file app/services/product/product/CopyTaobaoServices.php. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272065 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-6944 | 1 Crmeb | 1 Crmeb | 2025-01-03 | 6.3 Medium |
| A vulnerability was found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this issue is the function get_image_base64 of the file PublicController.php. The manipulation of the argument file leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272066 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-56028 | 2025-01-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lemonade Coding Studio Lemonade Social Networks Autoposter Pinterest allows Reflected XSS.This issue affects Lemonade Social Networks Autoposter Pinterest: from n/a through 2.0. | ||||
| CVE-2024-56027 | 2025-01-03 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BizSwoop a CPF Concepts, LLC Brand Leads CRM allows Reflected XSS.This issue affects Leads CRM: from n/a through 2.0.13. | ||||
| CVE-2023-45760 | 2025-01-03 | 4.3 Medium | ||
| Missing Authorization vulnerability in gVectors Team wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through 7.6.3. | ||||
| CVE-2023-45765 | 2025-01-03 | 4.3 Medium | ||
| Missing Authorization vulnerability in weDevs WP ERP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through 1.12.6. | ||||
| CVE-2023-45766 | 2025-01-03 | 5.3 Medium | ||
| Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 4.7.1. | ||||
| CVE-2023-45828 | 2025-01-03 | 5.4 Medium | ||
| Missing Authorization vulnerability in RumbleTalk Ltd RumbleTalk Live Group Chat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RumbleTalk Live Group Chat: from n/a through 6.2.5. | ||||
| CVE-2023-46073 | 2025-01-03 | 5.3 Medium | ||
| Missing Authorization vulnerability in nofearinc DX Delete Attached Media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DX Delete Attached Media: from n/a through 2.0.5.1. | ||||
| CVE-2023-46079 | 2025-01-03 | 5.4 Medium | ||
| Missing Authorization vulnerability in WP Royal Ashe Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe Extra: from n/a through 1.2.9. | ||||
| CVE-2023-46080 | 2025-01-03 | 4.3 Medium | ||
| Missing Authorization vulnerability in Farhan Noor ApplyOnline – Application Form Builder and Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ApplyOnline – Application Form Builder and Manager: from n/a through 2.5.3. | ||||
| CVE-2023-46082 | 2025-01-03 | 5.3 Medium | ||
| Missing Authorization vulnerability in Cyberlord92 Broken Link Checker | Finder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Checker | Finder: from n/a through 2.4.2. | ||||
| CVE-2023-46083 | 2025-01-03 | 5.3 Medium | ||
| Missing Authorization vulnerability in Kali Forms Contact Form builder with drag & drop - Kali Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form builder with drag & drop - Kali Forms: from n/a through 2.3.27. | ||||
| CVE-2023-46188 | 2025-01-03 | 4.3 Medium | ||
| Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Freesoul Deactivate Plugins – Plugin manager and cleanup: from n/a through 2.1.3. | ||||
| CVE-2023-46195 | 2025-01-03 | 6.5 Medium | ||
| Missing Authorization vulnerability in CoSchedule Headline Analyzer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Headline Analyzer: from n/a through 1.3.1. | ||||
| CVE-2023-46206 | 2025-01-03 | 5.3 Medium | ||
| Missing Authorization vulnerability in websoudan MW WP Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MW WP Form: from n/a through 4.4.5. | ||||