335,047 Total Results
Displaying 71-80 of 10,000
Attacker Value
Unknown

CVE-2024-52597

Disclosure Date: November 20, 2024 (last updated November 21, 2024)
2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Versions prior to 5.4.1 are vulnerable to stored cross-site scripting due to improper headers in direct access to uploaded SVGs. The application allows uploading images in several places. One of the accepted types of image is SVG, which allows JS scripting. Therefore, by uploading a malicious SVG which contains JS code, an attacker who is able to drive a victim to the uploaded image could compromise that victim's session and access their tokens. Version 5.4.1 contains a patch for the issue.
Attacker Value
Unknown

CVE-2024-11154

Disclosure Date: November 20, 2024 (last updated November 21, 2024)
The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.15 via the 'actAjaxRevisionDiffs' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including revisions of posts and pages.
Attacker Value
Unknown

CVE-2024-10913

Disclosure Date: November 20, 2024 (last updated November 21, 2024)
The Clone plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.6 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Attacker Value
Unknown

CVE-2024-11495

Disclosure Date: November 20, 2024 (last updated November 21, 2024)
Buffer overflow vulnerability in OllyDbg, version 1.10, which could allow a local attacker to execute arbitrary code due to lack of proper bounds checking.
Attacker Value
Unknown

CVE-2024-52451

Disclosure Date: November 20, 2024 (last updated November 21, 2024)
Cross-Site Request Forgery (CSRF) vulnerability in Aaron Robbins Post Ideas allows SQL Injection. This issue affects Post Ideas: from n/a through 2.
Attacker Value
Unknown

CVE-2024-52450

Disclosure Date: November 20, 2024 (last updated November 21, 2024)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Official pro coders nBlocks allows PHP Local File Inclusion. This issue affects nBlocks: from n/a through 1.0.2.
Attacker Value
Unknown

CVE-2024-52449

Disclosure Date: November 20, 2024 (last updated November 21, 2024)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Navneil Naicer Bootscraper allows PHP Local File Inclusion. This issue affects Bootscraper: from n/a through 2.1.0.
Attacker Value
Unknown

CVE-2024-52448

Disclosure Date: November 20, 2024 (last updated November 21, 2024)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebCodingPlace Ultimate Classified Listings allows PHP Local File Inclusion. This issue affects Ultimate Classified Listings: from n/a through 1.4.
Attacker Value
Unknown

CVE-2024-52447

Disclosure Date: November 20, 2024 (last updated November 21, 2024)
Path Traversal: '.../...//' vulnerability in Corporate Zen Contact Page With Google Map allows Path Traversal. This issue affects Contact Page With Google Map: from n/a through 1.6.1.
Attacker Value
Unknown

CVE-2024-52446

Disclosure Date: November 20, 2024 (last updated November 21, 2024)
Cross-Site Request Forgery (CSRF) vulnerability in Buying Buddy Buying Buddy IDX CRM allows Object Injection. This issue affects Buying Buddy IDX CRM: from n/a through 1.1.12.