VYPR

CVEs

100,082 total · page 674 of 2,002

  • CVE-2024-5324HigJun 6, 2024
    risk 0.50cvss 8.8epss 0.02

    Multiple plugins for WordPress utilizing the XootiX Framework are vulnerable to unauthorized modification of data due to a missing capability check on the 'import_settings' function in various versions. This makes it possible for authenticated attackers, with Subscriber-level…

  • CVE-2024-5179HigJun 6, 2024
    risk 0.57cvss 8.8epss 0.01

    The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.2 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to…

  • CVE-2023-6968HigJun 6, 2024
    risk 0.46cvss 8.1epss 0.00

    The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.6.3. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for unauthenticated attackers to to update and…

  • CVE-2023-6966HigJun 6, 2024
    risk 0.46cvss 8.1epss 0.00

    The The Moneytizer plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX functions in the /core/core_ajax.php file in all versions up to, and including, 9.6.3. This makes it…

  • CVE-2024-5653HigJun 5, 2024
    risk 0.47cvss 7.3epss 0.01

    A vulnerability, which was classified as critical, has been found in Chanjet Smooth T+system 3.5. This issue affects some unknown processing of the file /tplus/UFAQD/keyEdit.aspx. The manipulation of the argument KeyID leads to sql injection. The attack may be initiated…

  • CVE-2024-36670HigJun 5, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=del

  • CVE-2024-36669HigJun 5, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=add.

  • CVE-2024-36668HigJun 5, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=del

  • CVE-2024-36667HigJun 5, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/idcProType_deal.php?mudi=add&nohrefStr=close

  • CVE-2023-49928HigJun 5, 2024
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300. The baseband…

  • CVE-2024-5037HigJun 5, 2024
    risk 0.00cvss 7.5epss 0.01

    A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication.

  • CVE-2024-36129HigJun 5, 2024
    risk 0.46cvss 8.2epss 0.01

    The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version…

  • CVE-2024-20404HigJun 5, 2024
    risk 0.49cvss 7.2epss 0.22

    A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that…

  • CVE-2024-36837HigJun 5, 2024
    risk 0.49cvss 7.5epss 0.08

    SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive information via the getProductList function in the ProductController.php file.

  • CVE-2024-5526HigJun 5, 2024
    risk 0.50cvss 7.7epss 0.00

    Grafana OnCall is an easy-to-use on-call management tool that will help reduce toil in on-call management through simpler workflows and interfaces that are tailored specifically for engineers. Grafana OnCall, from version 1.1.37 before 1.5.2 are vulnerable to a Server Side…

  • CVE-2024-1662HigJun 5, 2024
    risk 0.49cvss 7.5epss 0.00

    Missing Authentication for Critical Function, Missing Authorization vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data. This issue affects PowerBank Application: before 2.02.

  • CVE-2024-4743HigJun 5, 2024
    risk 0.50cvss 8.8epss 0.00

    The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL Injection via the orderBy attribute of the lifterlms_favorites shortcode in all versions up to, and including, 7.6.2 due to insufficient escaping on the user supplied parameter and…

  • CVE-2024-1272HigJun 5, 2024
    risk 0.49cvss 7.5epss 0.00

    Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data. This issue affects Cockpit Software: before v0.251.1.

  • CVE-2024-3667HigJun 5, 2024
    risk 0.48cvss 7.4epss 0.00

    The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' field of multiple widgets in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping on user supplied attributes. This…

  • CVE-2024-2087HigJun 5, 2024
    risk 0.47cvss 7.2epss 0.00

    The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form name values in all versions up to, and including, 2.4.43 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…

  • CVE-2024-1940HigJun 5, 2024
    risk 0.46cvss 7.1epss 0.00

    The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post content in all versions up to, and including, 2.4.41 due to insufficient input sanitization performed only on the client side and insufficient output escaping. This makes it…

  • CVE-2024-4084HigJun 5, 2024
    risk 0.49cvss 7.5epss 0.00

    A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses…

  • CVE-2022-28657HigJun 4, 2024
    risk 0.51cvss 7.8epss 0.00

    Apport does not disable python crash handler before entering chroot

  • CVE-2022-28655HigJun 4, 2024
    risk 0.46cvss 7.1epss 0.00

    is_closing_session() allows users to create arbitrary tcp dbus connections

  • CVE-2024-34363HigJun 4, 2024
    risk 0.49cvss 7.5epss 0.01

    Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash.

  • CVE-2024-32976HigJun 4, 2024
    risk 0.49cvss 7.5epss 0.01

    Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input.

  • CVE-2024-4520HigJun 4, 2024
    risk 0.00cvss 7.5epss 0.01

    An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the…

  • CVE-2024-36857HigJun 4, 2024
    risk 0.49cvss 7.5epss 0.02

    Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileSync interface.

  • CVE-2024-35672HigJun 4, 2024
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Netgsm.This issue affects Netgsm: from n/a through 2.9.19.

  • CVE-2024-25095HigJun 4, 2024
    risk 0.49cvss 7.5epss 0.00

    Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0.

  • CVE-2024-36550HigJun 4, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close

  • CVE-2024-36549HigJun 4, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=rev&nohrefStr=close

  • CVE-2024-36548HigJun 4, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/vpsCompany_deal.php?mudi=del

  • CVE-2024-36547HigJun 4, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=add

  • CVE-2024-35652HigJun 4, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Reflected XSS.This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.1.

  • CVE-2024-32871HigJun 4, 2024
    risk 0.42cvss 7.5epss 0.01

    Pimcore is an Open Source Data & Experience Management Platform. The Pimcore thumbnail generation can be used to flood the server with large files. By changing the file extension or scaling factor of the requested thumbnail, attackers can create files that are much larger in…

  • CVE-2024-29004HigJun 4, 2024
    risk 0.46cvss 7.1epss 0.00

    The SolarWinds Platform was determined to be affected by a stored cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability.

  • CVE-2024-28996HigJun 4, 2024
    risk 0.49cvss 7.5epss 0.00

    The SolarWinds Platform was determined to be affected by a SWQL Injection Vulnerability. Attack complexity is high for this vulnerability.  

  • CVE-2024-35668HigJun 4, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue allows Reflected XSS.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by…

  • CVE-2024-35664HigJun 4, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpvividplugins WPvivid Backup for MainWP wpvivid-backup-mainwp allows Reflected XSS.This issue affects WPvivid Backup for MainWP: from n/a through <= 0.9.32.

  • CVE-2024-34554HigJun 4, 2024
    risk 0.55cvss 8.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm Core allows PHP Local File Inclusion.This issue affects Stockholm Core: from n/a through 2.4.1.

  • CVE-2024-34552HigJun 4, 2024
    risk 0.55cvss 8.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Select-Themes Stockholm allows PHP Local File Inclusion.This issue affects Stockholm: from n/a through 9.6.

  • CVE-2024-33628HigJun 4, 2024
    risk 0.57cvss 8.8epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in XforWooCommerce allows PHP Local File Inclusion.This issue affects XforWooCommerce: from n/a through 2.0.2.

  • CVE-2024-33568HigJun 4, 2024
    risk 0.55cvss 8.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Deserialization of Untrusted Data vulnerability in BdThemes Element Pack Pro allows Path Traversal, Object Injection.This issue affects Element Pack Pro: from n/a before 7.19.3.

  • CVE-2024-36800HigJun 4, 2024
    risk 0.49cvss 7.5epss 0.01

    A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Download.php.

  • CVE-2024-33557HigJun 4, 2024
    risk 0.55cvss 8.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 8theme XStore Core allows PHP Local File Inclusion.This issue affects XStore Core: from n/a through 5.3.8.

  • CVE-2024-29170HigJun 4, 2024
    risk 0.53cvss 8.1epss 0.00

    Dell PowerScale OneFS versions 8.2.x through 9.8.0.x contain a use of hard coded credentials vulnerability. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure of network traffic and denial of service.

  • CVE-2024-4254HigJun 4, 2024
    risk 0.46cvss 7.1epss 0.00

    The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow's explicit checkout and execution of code from a fork, which…

  • CVE-2024-37065HigJun 4, 2024
    risk 0.51cvss 7.8epss 0.00

    Deserialization of untrusted data can occur in versions 0.6 or newer of the skops python library, enabling a maliciously crafted model to run arbitrary code on an end user's system when loaded.

  • CVE-2024-37064HigJun 4, 2024
    risk 0.51cvss 7.8epss 0.00

    Deseriliazation of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's system when loaded.