Total
305646 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20436 | 1 Cisco | 1 Ios Xe | 2024-10-08 | N/A | 8.6 HIGH |
| A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a null pointer dereference when accessing specific URLs. An attacker could exploit this vulnerability by sending crafted HTTP traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, causing a DoS condition on the affected device. | |||||
| CVE-2024-4278 | 1 Gitlab | 1 Gitlab | 2024-10-08 | N/A | 5.5 MEDIUM |
| An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting. | |||||
| CVE-2024-45933 | 2024-10-08 | N/A | 6.6 MEDIUM | ||
| OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint. | |||||
| CVE-2024-8254 | 1 Icegram | 1 Email Subscribers \& Newsletters | 2024-10-08 | N/A | 5.4 MEDIUM |
| The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.7.34. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. | |||||
| CVE-2024-8800 | 1 Yoginetwork | 1 Rabbitloader | 2024-10-08 | N/A | 6.1 MEDIUM |
| The RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.21.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-9353 | 1 Themes4wp | 1 Popularis Extra | 2024-10-08 | N/A | 6.1 MEDIUM |
| The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
| CVE-2024-8967 | 1 Iworks | 1 Pwa | 2024-10-08 | N/A | 6.4 MEDIUM |
| The PWA — easy way to Progressive Web App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | |||||
| CVE-2024-9574 | 1 Soplanning | 1 Soplanning | 2024-10-08 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB. | |||||
| CVE-2024-9573 | 1 Soplanning | 1 Soplanning | 2024-10-08 | N/A | 6.3 MEDIUM |
| SQL injection vulnerability in SOPlanning <1.45, through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server. | |||||
| CVE-2024-9572 | 1 Soplanning | 1 Soplanning | 2024-10-08 | N/A | 6.3 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/groupe_save.php, in the groupe_id parameter. This could allow a remote user to send a specially crafted query to an authenticated user and steal their session details. | |||||
| CVE-2024-9571 | 1 Soplanning | 1 Soplanning | 2024-10-08 | N/A | 6.3 MEDIUM |
| Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/xajax_server.php, affecting multiple parameters. This could allow a remote user to send a specially crafted query to an authenticated user and partially take control of their browser session. | |||||
| CVE-2024-9565 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. Affected by this vulnerability is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9564 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. Affected is the function formWlanWizardSetup of the file /goform/formWlanWizardSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9563 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. This issue affects the function formWlanSetup_Wizard of the file /goform/formWlanSetup_Wizard. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9562 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical was found in D-Link DIR-605L 2.13B01 BETA. This vulnerability affects the function formSetWizard1/formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9561 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetWAN_Wizard51/formSetWAN_Wizard52. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9559 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9557 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formSetWanPPPoE of the file /goform/formSetWanPPPoE. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9556 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-9558 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formSetWanPPTP of the file /goform/formSetWanPPTP. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||