Total: 263824 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-41375 | 1 Jtekt | 1 Kostac Plc | 2024-09-24 | 7.8 High |
A use-after-free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Because the issue is in the parsing of KPP project files, arbitrary code may be executed by having a user open a specially crafted project file that was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements a function that prevents project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file that was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later. | ||||
CVE-2023-35092 | 1 Abhayrajmca | 1 Breadcrumb Simple | 2024-09-24 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abhay Yadav Breadcrumb simple plugin <= 1.3 versions. | ||||
CVE-2023-25471 | 1 Webcodin | 1 Wcp Openweather | 2024-09-24 | 7.1 High |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webcodin WCP OpenWeather plugin <= 2.5.0 versions. | ||||
CVE-2024-25673 | 1 Couchbase | 1 Couchbase Server | 2024-09-24 | 6.1 Medium |
Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection. | ||||
CVE-2023-24397 | 1 Reservation | 1 Reservation.studio | 2024-09-24 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions. | ||||
CVE-2023-27621 | 1 Mrdemonwolf | 1 Livestream Notice | 2024-09-24 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MrDemonWolf Livestream Notice plugin <= 1.2.0 versions. | ||||
CVE-2023-25477 | 1 Yotuwp | 1 Video Gallery | 2024-09-24 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yotuwp Video Gallery plugin <= 1.3.12 versions. | ||||
CVE-2023-24412 | 1 Web-settler | 1 Image Social Feed | 2024-09-24 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Image Social Feed plugin <= 1.7.6 versions. | ||||
CVE-2023-25042 | 1 Stormconsultancy | 1 Oauth Twitter Feed For Developers | 2024-09-24 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy (Storm Consultancy) oAuth Twitter Feed for Developers plugin <= 2.3.0 versions. | ||||
CVE-2023-25044 | 1 Sumo | 1 Social Share Boost | 2024-09-24 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo Social Share Boost plugin <= 4.4 versions. | ||||
CVE-2023-37893 | 1 Chop-chop | 1 Coming Soon Chop Chop | 2024-09-24 | 7.1 High |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chop-Chop Coming Soon Chop Chop plugin <= 2.2.4 versions. | ||||
CVE-2023-37986 | 1 Minorange | 1 Wordpress Yourmembership Single Sign-on | 2024-09-24 | 5.9 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange YourMembership Single Sign On – YM SSO Login plugin <= 1.1.3 versions. | ||||
CVE-2023-34011 | 1 Shopconstruct | 1 Shopconstruct | 2024-09-24 | 7.1 High |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ShopConstruct plugin <= 1.1.2 versions. | ||||
CVE-2023-37994 | 1 Wpruse | 1 Art Decoration Shortcode | 2024-09-24 | 6.5 Medium |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Artem Abramovich Art Decoration Shortcode plugin <= 1.5.6 versions. | ||||
CVE-2023-41374 | 1 Jtekt | 1 Kostac Plc | 2024-09-24 | 7.8 High |
A double-free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Because the issue is in the parsing of KPP project files, arbitrary code may be executed by having a user open a specially crafted project file that was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements a function that prevents project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file that was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later. | ||||
CVE-2024-44183 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-09-24 | 5.5 Medium |
A logic error was addressed with improved error handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. An app may be able to cause a denial-of-service. | ||||
CVE-2024-44180 | 1 Apple | 2 Ipados, Iphone Os | 2024-09-24 | 2.4 Low |
The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18. An attacker with physical access may be able to access contacts from the lock screen. | ||||
CVE-2023-34047 | 1 Vmware | 1 Spring For Graphql | 2024-09-24 | 3.1 Low |
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader functions through DefaultBatchLoaderRegistry. | ||||
CVE-2023-0829 | 1 Plesk | 1 Plesk | 2024-09-24 | 8.8 High |
Plesk versions 17.0 through 18.0.31 are vulnerable to Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user) can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription. | ||||
CVE-2024-44184 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-09-24 | 5.5 Medium |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data. |