Total: 258583 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-38454 | 1 Expressionengine | 1 Expressionengine | 2024-07-26 | N/A | 6.1 MEDIUM |
ExpressionEngine before 7.4.11 allows XSS. | |||||
CVE-2024-3815 | 1 Tagdiv | 1 Newspaper | 2024-07-26 | N/A | 4.8 MEDIUM |
The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-3814 | 1 Tagdiv | 1 Tagdiv Composer | 2024-07-26 | N/A | 4.8 MEDIUM |
The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'single' module in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-37445 | 1 Bplugins | 1 Html5 Audio Player | 2024-07-26 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bPlugins Html5 Audio Player allows Stored XSS. This issue affects Html5 Audio Player: from n/a through 2.2.23. | |||||
CVE-2024-4479 | 1 Jegtheme | 1 Jeg Elementor Kit | 2024-07-26 | N/A | 5.4 MEDIUM |
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sg_general_toggle_tab_enable and sg_accordion_style attributes within the plugin's JKit - Tabs and JKit - Accordion widget, respectively, in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
CVE-2024-37434 | 1 Atarim | 1 Atarim | 2024-07-26 | N/A | 4.8 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Atarim allows Stored XSS. This issue affects Atarim: from n/a through 3.31. | |||||
CVE-2024-37433 | 1 Mailster | 1 Mailster | 2024-07-26 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EverPress Mailster allows Reflected XSS. This issue affects Mailster: from n/a through 4.0.9. | |||||
CVE-2024-38457 | 1 Xenforo | 1 Xenforo | 2024-07-26 | N/A | 8.8 HIGH |
Xenforo before 2.2.16 allows CSRF. | |||||
CVE-2024-37101 | 1 Afthemes | 1 Wp Post Author | 2024-07-26 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AF themes WP Post Author allows Stored XSS. This issue affects WP Post Author: from n/a through 3.6.7. | |||||
CVE-2024-38458 | 1 Xenforo | 1 Xenforo | 2024-07-26 | N/A | 8.8 HIGH |
Xenforo before 2.2.16 allows code injection. | |||||
CVE-2024-37100 | 1 Threeroutesmedia | 1 Elegant Themes Icons | 2024-07-26 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mayur Somani, threeroutes media Elegant Themes Icons allows Stored XSS. This issue affects Elegant Themes Icons: from n/a through 1.3. | |||||
CVE-2024-41551 | 1 Campcodes | 1 Supplier Management System | 2024-07-26 | N/A | 9.8 CRITICAL |
CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_order_items.php?id= . | |||||
CVE-2024-7080 | 1 Insurance Management System Project | 1 Insurance Management System | 2024-07-26 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /E-Insurance/. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272365 was assigned to this vulnerability. | |||||
CVE-2024-41136 | 1 Arubanetworks | 1 Edgeconnect Sd-wan Orchestrator | 2024-07-26 | N/A | 8.8 HIGH |
An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | |||||
CVE-2024-41459 | 1 Tendacn | 2 Fh1201, Fh1201 Firmware | 2024-07-26 | N/A | 9.8 CRITICAL |
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform/QuickIndex. | |||||
CVE-2024-41460 | 1 Tendacn | 2 Fh1201, Fh1201 Firmware | 2024-07-26 | N/A | 9.8 CRITICAL |
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/RouteStatic. | |||||
CVE-2024-41461 | 1 Tendacn | 2 Fh1201, Fh1201 Firmware | 2024-07-26 | N/A | 9.8 CRITICAL |
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient. | |||||
CVE-2024-41462 | 1 Tendacn | 2 Fh1201, Fh1201 Firmware | 2024-07-26 | N/A | 7.5 HIGH |
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/DhcpListClient. | |||||
CVE-2024-41463 | 1 Tendacn | 2 Fh1201, Fh1201 Firmware | 2024-07-26 | N/A | 7.5 HIGH |
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/addressNat. | |||||
CVE-2024-41465 | 1 Tendacn | 2 Fh1201, Fh1201 Firmware | 2024-07-26 | N/A | 7.5 HIGH |
Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/setcfm. |