ReportizFlow
Filtered by vendor
Subscriptions
Total
322798 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49673 | 1 Latex2html | 1 Latex2html | 2024-11-08 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Van Abel LaTeX2HTML allows Reflected XSS.This issue affects LaTeX2HTML: from n/a through 2.5.4. | ||||
| CVE-2024-49692 | 1 Affiliatexblocks | 1 Affiliatex | 2024-11-08 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AffiliateX allows Stored XSS.This issue affects AffiliateX: from n/a through 1.2.9. | ||||
| CVE-2024-50439 | 1 Brainstormforce | 1 Astra Widgets | 2024-11-08 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force Astra Widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through 1.2.14. | ||||
| CVE-2024-50438 | 1 Themoyles | 1 Church Admin | 2024-11-08 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Reflected XSS.This issue affects Church Admin: from n/a before 5.0.0. | ||||
| CVE-2024-49679 | 1 Wpkoi | 1 Wpkoi Templates For Elementor | 2024-11-08 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPKoi WPKoi Templates for Elementor allows Stored XSS.This issue affects WPKoi Templates for Elementor: from n/a through 3.1.0. | ||||
| CVE-2024-49702 | 1 Mycred | 1 Mycred Elementor | 2024-11-08 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in myCRED myCred Elementor allows Stored XSS.This issue affects myCred Elementor: from n/a through 1.2.6. | ||||
| CVE-2024-22066 | 1 Zte | 8 Zxr10 160, Zxr10 160 Firmware, Zxr10 1800-2s and 5 more | 2024-11-08 | 7.5 High |
| There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device. | ||||
| CVE-2024-0067 | 2024-11-08 | 4.3 Medium | ||
| Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2024-43967 | 1 Starkdigital | 1 Wp Testimonial Widget | 2024-11-08 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Stark Digital WP Testimonial Widget allows Stored XSS.This issue affects WP Testimonial Widget: from n/a through 3.1. | ||||
| CVE-2024-43966 | 1 Starkdigital | 1 Wp Testimonial Widget | 2024-11-08 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stark Digital WP Testimonial Widget.This issue affects WP Testimonial Widget: from n/a through 3.1. | ||||
| CVE-2024-20418 | 1 Cisco | 1 Aironet Access Point Software | 2024-11-08 | 10 Critical |
| A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system. This vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device. | ||||
| CVE-2024-33033 | 1 Qualcomm | 56 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 53 more | 2024-11-08 | 6.7 Medium |
| Memory corruption while processing IOCTL calls to unmap the buffers. | ||||
| CVE-2024-33032 | 1 Qualcomm | 140 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6200 and 137 more | 2024-11-08 | 6.7 Medium |
| Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it. | ||||
| CVE-2024-33030 | 1 Qualcomm | 44 Ar8035, Ar8035 Firmware, Fastconnect 6900 and 41 more | 2024-11-08 | 6.7 Medium |
| Memory corruption while parsing IPC frequency table parameters for LPLH that has size greater than expected size. | ||||
| CVE-2024-33029 | 1 Qualcomm | 6 Qca6584au, Qca6584au Firmware, Qca6698aq and 3 more | 2024-11-08 | 6.7 Medium |
| Memory corruption while handling the PDR in driver for getting the remote heap maps. | ||||
| CVE-2024-23377 | 1 Qualcomm | 79 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 76 more | 2024-11-08 | 6.7 Medium |
| Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver. | ||||
| CVE-2024-50411 | 1 Kevonadonis | 1 Wp Abstracts | 2024-11-08 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kevon Adonis WP Abstracts allows Stored XSS.This issue affects WP Abstracts: from n/a through 2.7.1. | ||||
| CVE-2024-49642 | 1 Rafasashi | 1 Todo Custom Field | 2024-11-07 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rafasashi Todo Custom Field allows Reflected XSS.This issue affects Todo Custom Field: from n/a through 3.0.4. | ||||
| CVE-2024-9443 | 1 Basticom | 1 Framework | 2024-11-07 | 6.4 Medium |
| The Basticom Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
| CVE-2024-51358 | 1 Linuxserver | 1 Heimdall Application Dashboard | 2024-11-07 | 9.8 Critical |
| An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to execute arbitrary code via a crafted script to the Add new application. | ||||