Total
312594 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8724 | 1 Xootix | 1 Waitlist Woocommerce | 2024-09-27 | N/A | 6.1 MEDIUM |
| The Waitlist Woocommerce ( Back in stock notifier ) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.7.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-9094 | 1 Code-projects | 1 Blood Bank System | 2024-09-27 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file /admin/blood/update/o-.php. The manipulation of the argument bloodname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9040 | 1 Code-projects | 1 Blood Bank Management System | 2024-09-27 | 1.4 LOW | 5.5 MEDIUM |
| A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the component Password Handler. The manipulation leads to cleartext storage in a file or on disk. An attack has to be approached locally. | |||||
| CVE-2024-44062 | 1 Wpgogo | 1 Custom Field Template | 2024-09-27 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.6.5. | |||||
| CVE-2024-44059 | 1 Mediaron | 1 Custom Query Blocks | 2024-09-27 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MediaRon LLC Custom Query Blocks allows Stored XSS.This issue affects Custom Query Blocks: from n/a through 5.3.1. | |||||
| CVE-2024-44053 | 1 Mohammadarif | 1 Opor Ayam | 2024-09-27 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mohammad Arif Opor Ayam allows Reflected XSS.This issue affects Opor Ayam: from n/a through 1.8. | |||||
| CVE-2024-47058 | 1 Acquia | 1 Mautic | 2024-09-27 | N/A | 4.8 MEDIUM |
| With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user's current session. | |||||
| CVE-2024-47050 | 1 Acquia | 1 Mautic | 2024-09-27 | N/A | 6.1 MEDIUM |
| Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable. | |||||
| CVE-2024-0005 | 1 Purestorage | 2 Purity\/\/fa, Purity\/\/fb | 2024-09-27 | N/A | 8.8 HIGH |
| A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration. | |||||
| CVE-2021-27917 | 1 Acquia | 1 Mautic | 2024-09-27 | N/A | 5.4 MEDIUM |
| Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report. | |||||
| CVE-2024-45460 | 1 Info-d-74 | 1 Flipping Cards | 2024-09-27 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Manu225 Flipping Cards allows Stored XSS.This issue affects Flipping Cards: from n/a through 1.30. | |||||
| CVE-2024-45459 | 1 Pickplugins | 1 Product Slider For Woocommerce | 2024-09-27 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce allows Reflected XSS.This issue affects Product Slider for WooCommerce: from n/a through 1.13.50. | |||||
| CVE-2024-37779 | 2024-09-27 | N/A | 8.8 HIGH | ||
| WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality. | |||||
| CVE-2024-44063 | 1 Happyforms | 1 Happyforms | 2024-09-27 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Happyforms allows Stored XSS.This issue affects Happyforms: from n/a through 1.26.0. | |||||
| CVE-2024-0004 | 1 Purestorage | 1 Purity\/\/fa | 2024-09-27 | N/A | 7.2 HIGH |
| A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array. | |||||
| CVE-2024-0003 | 1 Purestorage | 1 Purity\/\/fa | 2024-09-27 | N/A | 7.2 HIGH |
| A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access. | |||||
| CVE-2024-0002 | 1 Purestorage | 1 Purity\/\/fa | 2024-09-27 | N/A | 9.8 CRITICAL |
| A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array. | |||||
| CVE-2024-0001 | 1 Purestorage | 1 Purity\/\/fa | 2024-09-27 | N/A | 9.8 CRITICAL |
| A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges. | |||||
| CVE-2024-44060 | 1 Jenniferhall | 1 Filmix | 2024-09-27 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jennifer Hall Filmix allows Reflected XSS.This issue affects Filmix: from n/a through 1.1. | |||||
| CVE-2024-6339 | 1 Averta | 1 Phlox | 2024-09-27 | N/A | 6.1 MEDIUM |
| The Phlox PRO theme for WordPress is vulnerable to Reflected Cross-Site Scripting via search parameters in all versions up to, and including, 5.16.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||