Total
64963 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-4175 | 2024-04-25 | N/A | 5.4 MEDIUM | ||
Unicode transformation vulnerability in Hyperion affecting version 2.0.15. This vulnerability could allow an attacker to send a malicious payload with Unicode characters that will be replaced by ASCII characters. | |||||
CVE-2024-25026 | 2024-04-25 | N/A | 5.9 MEDIUM | ||
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 281516. | |||||
CVE-2024-32677 | 2024-04-25 | N/A | 6.5 MEDIUM | ||
Missing Authorization vulnerability in LoginPress LoginPress Pro.This issue affects LoginPress Pro: from n/a before 3.0.0. | |||||
CVE-2024-23638 | 1 Squid-cache | 1 Squid | 2024-04-25 | N/A | 6.5 MEDIUM |
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access control: `http_access deny manager`. | |||||
CVE-2024-32795 | 2024-04-24 | N/A | 4.3 MEDIUM | ||
Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io – Easy Meeting Scheduler.This issue affects WPCal.Io – Easy Meeting Scheduler: from n/a through 0.9.5.8. | |||||
CVE-2023-32127 | 2024-04-24 | N/A | 5.3 MEDIUM | ||
Missing Authorization vulnerability in Daniel Powney Multi Rating allows Functionality Misuse.This issue affects Multi Rating: from n/a through 5.0.6. | |||||
CVE-2024-32806 | 2024-04-24 | N/A | 4.3 MEDIUM | ||
Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule Headline Analyzer.This issue affects Headline Analyzer: from n/a through 1.3.3. | |||||
CVE-2024-32728 | 2024-04-24 | N/A | 4.3 MEDIUM | ||
Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Paid Member Subscriptions.This issue affects Paid Member Subscriptions: from n/a through 2.11.0. | |||||
CVE-2023-47774 | 2024-04-24 | N/A | 5.4 MEDIUM | ||
Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7. | |||||
CVE-2023-25785 | 2024-04-24 | N/A | 5.3 MEDIUM | ||
Missing Authorization vulnerability in Shoaib Saleem WP Post Rating allows Functionality Misuse.This issue affects WP Post Rating: from n/a through 2.5. | |||||
CVE-2023-23989 | 2024-04-24 | N/A | 5.3 MEDIUM | ||
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.1.9.2. | |||||
CVE-2024-32678 | 2024-04-24 | N/A | 5.3 MEDIUM | ||
Missing Authorization vulnerability in TrackShip TrackShip for WooCommerce.This issue affects TrackShip for WooCommerce: from n/a through 1.7.5. | |||||
CVE-2024-32078 | 2024-04-24 | N/A | 4.1 MEDIUM | ||
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.44.7212. | |||||
CVE-2023-48763 | 2024-04-24 | N/A | 5.3 MEDIUM | ||
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in Crocoblock JetFormBuilder allows Code Injection.This issue affects JetFormBuilder: from n/a through 3.1.4. | |||||
CVE-2023-25790 | 2024-04-24 | N/A | 5.3 MEDIUM | ||
Improper Authentication, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart allows Cross-Site Scripting (XSS).This issue affects WoodMart: from n/a through 7.0.4. | |||||
CVE-2024-32794 | 2024-04-24 | N/A | 4.3 MEDIUM | ||
Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10. | |||||
CVE-2024-32773 | 2024-04-24 | N/A | 4.3 MEDIUM | ||
Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Royal Elementor Kit.This issue affects Royal Elementor Kit: from n/a through 1.0.116. | |||||
CVE-2024-32793 | 2024-04-24 | N/A | 5.4 MEDIUM | ||
Cross-Site Request Forgery (CSRF) vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 2.12.10. | |||||
CVE-2024-32947 | 2024-04-24 | N/A | 4.3 MEDIUM | ||
Cross-Site Request Forgery (CSRF) vulnerability in AlumniOnline Web Services LLC WP ADA Compliance Check Basic.This issue affects WP ADA Compliance Check Basic: from n/a through 3.1.3. | |||||
CVE-2024-32872 | 2024-04-24 | N/A | 5.5 MEDIUM | ||
Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6, 13.0.6, as well as Umbraco Plumber version 10.1.2, contain a patch for this issue. |