| # | CVSS | Severity | Vector | Vendor | Product | Description | Status | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 9.4 | CRITICAL | Network | - | - | Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dialogue: from v1.83 b… | New | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2024-3375 | 2024-04-29 18:15 | 2024-04-29 |
| 2 | - | - | - | - | - | Missing Authorization vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS. This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.0. | New | CWE-862 Missing Authorization | CVE-2024-33684 | 2024-04-29 18:15 | 2024-04-29 |
| 3 | - | - | - | - | - | Missing Authorization vulnerability in Mahesh Vora WP Page Post Widget Clone. This issue affects WP Page Post Widget Clone: from n/a through 1.0.1. | New | - | CVE-2024-33636 | 2024-04-29 18:15 | 2024-04-29 |
| 4 | - | - | - | - | - | Missing Authorization vulnerability in Piotnet Piotnet Addons For Elementor Pro. This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. | New | CWE-862 Missing Authorization | CVE-2024-33635 | 2024-04-29 18:15 | 2024-04-29 |
| 5 | - | - | - | - | - | Missing Authorization vulnerability in ProFaceOff SSU. This issue affects SSU: from n/a through 1.5.0. | New | CWE-862 Missing Authorization | CVE-2024-33597 | 2024-04-29 18:15 | 2024-04-29 |
| 6 | - | - | - | - | - | Missing Authorization vulnerability in Five Star Plugins Five Star Restaurant Reservations. This issue affects Five Star Restaurant Reservations: from n/a through 2.6.16. | New | CWE-862 Missing Authorization | CVE-2024-33596 | 2024-04-29 18:15 | 2024-04-29 |
| 7 | - | - | - | - | - | Missing Authorization vulnerability in 8theme XStore Core. This issue affects XStore Core: from n/a through 5.3.5. | New | CWE-862 Missing Authorization | CVE-2024-33558 | 2024-04-29 18:15 | 2024-04-29 |
| 8 | - | - | - | - | - | Dell OpenManage Enterprise, versions 4.0.0 and 4.0.1, contains a sensitive information disclosure vulnerability. A local low privileged malicious user could potentially exploit this vulnerability to … | New | CWE-256 Plaintext Storage of a Password | CVE-2024-28961 | 2024-04-29 18:15 | 2024-04-29 |
| 9 | - | - | - | - | - | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Freshworks Freshdesk (official). This issue affects Freshdesk (official): from n/a through 2.3.6. | Update | CWE-601 Open Redirect | CVE-2024-32129 | 2024-04-29 18:15 | 2024-04-15 |
| 10 | - | - | - | - | - | Cross-Site Request Forgery (CSRF) vulnerability in Julien Berthelot / MPEmbed.Com WP Matterport Shortcode allows Cross Site Request Forgery. This issue affects WP Matterport Shortcode: from n/a throug… | Update | CWE-352 Origin Validation Error | CVE-2024-32109 | 2024-04-29 18:15 | 2024-04-11 |
| 11 | - | - | - | - | - | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection. This issue affects Automatic: from n/a through 3.92.0. | Update | CWE-89 SQL Injection | CVE-2024-27956 | 2024-04-29 18:15 | 2024-03-22 |
| 12 | 8.8 | HIGH | Network | saas | disabler | Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler allows Cross Site Request Forgery. This issue affects Disabler: from n/a through 3.0.3. | Update | CWE-352 Origin Validation Error | CVE-2023-37998 | 2024-04-29 18:15 | 2023-10-3 |
| 13 | 5.4 | MEDIUM | Network | rescuethemes | rescue_shortcodes | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS. This issue affects Rescue Shortcodes: from n/a … | Update | CWE-79 Cross-site Scripting | CVE-2023-41728 | 2024-04-29 18:15 | 2023-10-2 |
| 14 | 6.1 | MEDIUM | Network | incsub | forminator | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Forminator – Contact Form, Payment Form & Custom Form Builder allows Stored XSS. This iss… | Update | CWE-79 Cross-site Scripting | CVE-2021-36821 | 2024-04-29 18:15 | 2023-03-17 |
| 15 | 8.2 | HIGH | Network | cusmin | absolutely_glamorous_custom_admin | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cusmin AGCA - Absolutely Glamorous Custom Admin (WordPress plugin) allows Stored XSS. This issue a… | Update | CWE-79 Cross-site Scripting | CVE-2021-36823 | 2024-04-29 18:15 | 2021-09-24 |
| 16 | - | - | - | - | - | Missing Authorization vulnerability in Real Big Plugins Client Dash. This issue affects Client Dash: from n/a through 2.2.1. | New | CWE-862 Missing Authorization | CVE-2024-33652 | 2024-04-29 17:15 | 2024-04-29 |
| 17 | - | - | - | - | - | Deserialization of Untrusted Data vulnerability in Team Yoast Custom field finder. This issue affects Custom field finder: from n/a through 0.3. | New | CWE-502 Deserialization of Untrusted Data | CVE-2024-33641 | 2024-04-29 17:15 | 2024-04-29 |
| 18 | - | - | - | - | - | Insertion of Sensitive Information into Log File vulnerability in Solid Plugins Solid Affiliate. This issue affects Solid Affiliate: from n/a through 1.9.1. | New | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2024-33637 | 2024-04-29 17:15 | 2024-04-29 |
| 19 | - | - | - | - | - | Server-Side Request Forgery (SSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro. This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2024-33634 | 2024-04-29 17:15 | 2024-04-29 |
| 20 | - | - | - | - | - | Server-Side Request Forgery (SSRF) vulnerability in Creative Motion Auto Featured Image (Auto Post Thumbnail). This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through 4.0.0. | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2024-33629 | 2024-04-29 17:15 | 2024-04-29 |
| 21 | - | - | - | - | - | Server-Side Request Forgery (SSRF) vulnerability in Cusmin Absolutely Glamorous Custom Admin. This issue affects Absolutely Glamorous Custom Admin: from n/a through 7.2.2. | New | - | CVE-2024-33627 | 2024-04-29 17:15 | 2024-04-29 |
| 22 | - | - | - | - | - | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Deepen Bajracharya Video Conferencing with Zoom. This issue affects Video Conferencing with Zoom: from n/a through 4.4.4. | New | CWE-601 Open Redirect | CVE-2024-33584 | 2024-04-29 17:15 | 2024-04-29 |
| 23 | - | - | - | - | - | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in User Meta user-meta. This issue affects User Meta: from n/a through 3.0. | New | CWE-200 Information Exposure | CVE-2024-33575 | 2024-04-29 17:15 | 2024-04-29 |
| 24 | - | - | - | - | - | Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection. This issue affects OrderConvo: from n/a through 12.4. | New | CWE-862 Missing Authorization | CVE-2024-33566 | 2024-04-29 17:15 | 2024-04-29 |
| 25 | - | - | - | - | - | Deserialization of Untrusted Data vulnerability in 8theme XStore Core. This issue affects XStore Core: from n/a through 5.3.5. | New | CWE-502 Deserialization of Untrusted Data | CVE-2024-33553 | 2024-04-29 17:15 | 2024-04-29 |
| 26 | - | - | - | - | - | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Fastline Media LLC Assistant – Every Day Productivity Apps. This issue affects Assistant – Every Day Productivity Apps: from… | New | CWE-200 Information Exposure | CVE-2024-33538 | 2024-04-29 17:15 | 2024-04-29 |
| 27 | - | - | - | - | - | A vulnerability was found in MailCleaner up to 2023.03.14. It has been declared as critical. This vulnerability affects unknown code of the file /mailcleaner.php/getStats of the component SOAP Servic… | New | - | CVE-2024-3196 | 2024-04-29 16:15 | 2024-04-29 |
| 28 | - | - | - | - | - | A vulnerability was found in MailCleaner up to 2023.03.14. It has been classified as critical. This affects an unknown part of the component Admin Endpoints. The manipulation leads to path traversal.… | New | CWE-22 Path Traversal | CVE-2024-3195 | 2024-04-29 16:15 | 2024-04-29 |
| 29 | - | - | - | - | - | A vulnerability was found in MailCleaner up to 2023.03.14 and classified as problematic. Affected by this issue is some unknown functionality of the component Log File Endpoint. The manipulation lead… | New | CWE-79 Cross-site Scripting | CVE-2024-3194 | 2024-04-29 16:15 | 2024-04-29 |
| 30 | - | - | - | - | - | A vulnerability has been found in MailCleaner up to 2023.03.14 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Admin Endpoints. The manipulatio… | New | CWE-78 OS Command | CVE-2024-3193 | 2024-04-29 16:15 | 2024-04-29 |
| 31 | - | - | - | - | - | A vulnerability, which was classified as problematic, was found in MailCleaner up to 2023.03.14. Affected is an unknown function of the component Admin Interface. The manipulation leads to cross site… | New | CWE-79 Cross-site Scripting | CVE-2024-3192 | 2024-04-29 16:15 | 2024-04-29 |
| 32 | - | - | - | - | - | A vulnerability, which was classified as critical, has been found in MailCleaner up to 2023.03.14. This issue affects some unknown processing of the component Email Handler. The manipulation leads to… | New | CWE-78 OS Command | CVE-2024-3191 | 2024-04-29 16:15 | 2024-04-29 |
| 33 | - | - | - | - | - | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection. This issue affects WZone: from n/a through 14.0.10. | New | CWE-89 SQL Injection | CVE-2024-33546 | 2024-04-29 16:15 | 2024-04-29 |
| 34 | - | - | - | - | - | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection. This issue affects WZone: from n/a through 14.0.10. | New | CWE-89 SQL Injection | CVE-2024-33544 | 2024-04-29 16:15 | 2024-04-29 |
| 35 | - | - | - | - | - | A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate inst… | Update | CWE-400 Uncontrolled Resource Consumption | CVE-2024-1300 | 2024-04-29 16:15 | 2024-04-2 |
| 36 | - | - | - | - | - | A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to differe… | Update | - | CVE-2024-1023 | 2024-04-29 16:15 | 2024-03-27 |
| 37 | 8.8 | HIGH | Network | - | - | ArmorX Android APP's multi-factor authentication (MFA) for the login function is not properly implemented. Remote attackers who obtain user credentials can bypass MFA, allowing them to successfully l… | New | CWE-287 Improper Authentication | CVE-2024-4303 | 2024-04-29 15:15 | 2024-04-29 |
| 38 | 6.1 | MEDIUM | Network | - | - | Super 8 Live Chat online customer service platform fails to properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. When the message recipie… | New | - | CVE-2024-4302 | 2024-04-29 15:15 | 2024-04-29 |
| 39 | - | - | - | - | - | In Telegram WebK before 2.0.0 (488), a crafted Mini Web App allows XSS via the postMessage web_app_open_link event type. | New | - | CVE-2024-33905 | 2024-04-29 15:15 | 2024-04-29 |
| 40 | - | - | - | - | - | In plugins/HookSystem.cpp in Hyprland through 0.39.1 (before 28c8561), through a race condition, a local attacker can cause execution of arbitrary assembly code by writing to a predictable temporary … | New | - | CVE-2024-33904 | 2024-04-29 15:15 | 2024-04-29 |
| 41 | - | - | - | - | - | Missing Authorization vulnerability in Extend Themes Pathway, Extend Themes Hugo WP, Extend Themes Althea WP, Extend Themes Elevate WP, Extend Themes Brite, Extend Themes Colibri WP, Extend Themes Ve… | New | CWE-862 Missing Authorization | CVE-2024-33686 | 2024-04-29 15:15 | 2024-04-29 |
| 42 | - | - | - | - | - | Cross-Site Request Forgery (CSRF) vulnerability in Sandor Kovacs Regenerate post permalink allows Cross-Site Scripting (XSS). This issue affects Regenerate post permalink: from n/a through 1.0.3. | New | CWE-352 Origin Validation Error | CVE-2024-33681 | 2024-04-29 15:15 | 2024-04-29 |
| 43 | - | - | - | - | - | Cross-Site Request Forgery (CSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro. This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. | New | CWE-352 Origin Validation Error | CVE-2024-33632 | 2024-04-29 15:15 | 2024-04-29 |
| 44 | - | - | - | - | - | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Stored XSS. This issue affects Piotnet Addons For … | New | - | CVE-2024-33631 | 2024-04-29 15:15 | 2024-04-29 |
| 45 | - | - | - | - | - | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS. This issue affects Piotnet Addons For Elem… | New | CWE-79 Cross-site Scripting | CVE-2024-33630 | 2024-04-29 15:15 | 2024-04-29 |
| 46 | - | - | - | - | - | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infomaniak Staff VOD Infomaniak allows Reflected XSS. This issue affects VOD Infomaniak: from n/a … | New | CWE-79 Cross-site Scripting | CVE-2024-33571 | 2024-04-29 15:15 | 2024-04-29 |
| 47 | - | - | - | - | - | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore allows Reflected XSS. This issue affects XStore: from n/a through 9.3.5. | New | CWE-79 Cross-site Scripting | CVE-2024-33562 | 2024-04-29 15:15 | 2024-04-29 |
| 48 | - | - | - | - | - | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection. This issue affects XStore: from n/a through 9.3.5. | New | CWE-89 SQL Injection | CVE-2024-33559 | 2024-04-29 15:15 | 2024-04-29 |
| 49 | - | - | - | - | - | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore Core allows Reflected XSS. This issue affects XStore Core: from n/a through 5.3.5. | New | CWE-79 Cross-site Scripting | CVE-2024-33554 | 2024-04-29 15:15 | 2024-04-29 |
| 50 | - | - | - | - | - | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore Core allows SQL Injection. This issue affects XStore Core: from n/a through 5.3.5. | New | CWE-89 SQL Injection | CVE-2024-33551 | 2024-04-29 15:15 | 2024-04-29 |