π¨ CVE-2024-28216
nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.
π@cveNotify
nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.
π@cveNotify
π¨ CVE-2024-29946
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.
π@cveNotify
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser.
π@cveNotify
Splunk Vulnerability Disclosure
Risky command safeguards bypass in Dashboard Examples Hub
In Splunk Enterprise versions below 9.2.1, 9.1.4 and 9.0.9, and Splunk Cloud Platform versions below 9.1.2312.104 and 9.1.2308.205, the Dashboard Examples Hub in the Splunk Dashboard Studio app lacks protections for risky SPL commands, which could allow anβ¦
π¨ CVE-2023-5971
The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
π@cveNotify
The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
π@cveNotify
WPScan
Save as PDF < 3.2.0 - Admin+ Stored XSS
See details on Save as PDF < 3.2.0 - Admin+ Stored XSS CVE 2023-5971. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2023-41884
ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34.
π@cveNotify
ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34.
π@cveNotify
GitHub
Only allow Events Columns for sort. Fixes GHSA-2qp3-fwpv-mc96. Fixes β¦ Β· ZoneMinder/zoneminder@677f6a3
β¦GHSA-9cmr-7437-v9fj
π¨ CVE-2023-48171
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
π@cveNotify
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
π@cveNotify
π¨ CVE-2024-21767
A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request.
π@cveNotify
A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request.
π@cveNotify
π¨ CVE-2024-22182
A remote, unauthenticated attacker may be able to send crafted messages
to the web server of the Commend WS203VICM causing the system to
restart, interrupting service.
π@cveNotify
A remote, unauthenticated attacker may be able to send crafted messages
to the web server of the Commend WS203VICM causing the system to
restart, interrupting service.
π@cveNotify
π¨ CVE-2023-35764
Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when posting.
π@cveNotify
Insufficient verification of data authenticity issue in Survey Maker prior to 3.6.4 allows a remote unauthenticated attacker to spoof an IP address when posting.
π@cveNotify
jvn.jp
JVN#51098626: Multiple vulnerabilities in WordPress Plugin "Survey Maker"
Japan Vulnerability Notes
π¨ CVE-2024-29167
SVR-116 firmware version 1.6.0.30028871 allows a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.
π@cveNotify
SVR-116 firmware version 1.6.0.30028871 allows a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.
π@cveNotify
jvn.jp
JVNVU#93932313: SEEnergy SVR-116 vulnerable to OS command injection
Japan Vulnerability Notes
π¨ CVE-2023-7066
The affected applications contain an out of bounds read past the end of
an allocated structure while parsing specially crafted PDF files. This
could allow an attacker to execute code in the context of the current
process.
π@cveNotify
The affected applications contain an out of bounds read past the end of
an allocated structure while parsing specially crafted PDF files. This
could allow an attacker to execute code in the context of the current
process.
π@cveNotify
π¨ CVE-2024-43151
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder β Lite allows Stored XSS.This issue affects Ultimate Addons for Beaver Builder β Lite: from n/a through 1.5.9.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder β Lite allows Stored XSS.This issue affects Ultimate Addons for Beaver Builder β Lite: from n/a through 1.5.9.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Ultimate Addons for Beaver Builder β Lite Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-43152
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in iberezansky 3D FlipBook β PDF Flipbook Viewer, Flipbook Image Gallery allows Stored XSS.This issue affects 3D FlipBook β PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through 1.15.6.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in iberezansky 3D FlipBook β PDF Flipbook Viewer, Flipbook Image Gallery allows Stored XSS.This issue affects 3D FlipBook β PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through 1.15.6.
π@cveNotify
Patchstack
undefined in undefined undefined undefined
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-43155
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins ComboBlocks allows Stored XSS.This issue affects ComboBlocks: from n/a through 2.2.86.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins ComboBlocks allows Stored XSS.This issue affects ComboBlocks: from n/a through 2.2.86.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Post Grid and Gutenberg Blocks Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-43156
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Reflected XSS.This issue affects Post Grid Master: from n/a through 3.4.10.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Reflected XSS.This issue affects Post Grid Master: from n/a through 3.4.10.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Post Grid Master Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-43161
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Averta Depicter Slider allows Stored XSS.This issue affects Depicter Slider: from n/a through 3.1.2.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Averta Depicter Slider allows Stored XSS.This issue affects Depicter Slider: from n/a through 3.1.2.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Depicter Slider Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π1
π¨ CVE-2024-35775
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Authentication vulnerability in Soliloquy Team Slider by Soliloquy allows Cross-Site Scripting (XSS).This issue affects Slider by Soliloquy: from n/a through 2.7.6.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Authentication vulnerability in Soliloquy Team Slider by Soliloquy allows Cross-Site Scripting (XSS).This issue affects Slider by Soliloquy: from n/a through 2.7.6.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Slider by Soliloquy Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-37924
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wp2speed WP2Speed Faster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP2Speed Faster: from n/a through 1.0.1.
π@cveNotify
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wp2speed WP2Speed Faster allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP2Speed Faster: from n/a through 1.0.1.
π@cveNotify
Patchstack
Sensitive Data Exposure in WordPress WP2Speed Faster Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-37930
Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability in ThemeSphere SmartMag allows Excavation, Accessing Functionality Not Properly Constrained by ACLs.This issue affects SmartMag: from n/a through 9.3.0.
π@cveNotify
Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability in ThemeSphere SmartMag allows Excavation, Accessing Functionality Not Properly Constrained by ACLs.This issue affects SmartMag: from n/a through 9.3.0.
π@cveNotify
Patchstack
Multiple Vulnerabilities in WordPress SmartMag Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-43123
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Techeshta Card Elements for Elementor allows Stored XSS.This issue affects Card Elements for Elementor: from n/a through 1.2.2.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Techeshta Card Elements for Elementor allows Stored XSS.This issue affects Card Elements for Elementor: from n/a through 1.2.2.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Card Elements for Elementor Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-43124
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Iqonic Design Graphina allows Stored XSS.This issue affects Graphina: from n/a through 1.8.10.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Iqonic Design Graphina allows Stored XSS.This issue affects Graphina: from n/a through 1.8.10.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Graphina Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2024-43125
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder β WordPress Table Plugin allows Stored XSS.This issue affects WP Table Builder β WordPress Table Plugin: from n/a through 1.4.15.
π@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder β WordPress Table Plugin allows Stored XSS.This issue affects WP Table Builder β WordPress Table Plugin: from n/a through 1.4.15.
π@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress WP Table Builder Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.