Show filters
2,285 Total Results
Displaying 101-110 of 2,285
Sort by:
Attacker Value
Unknown
CVE-2024-4189
Disclosure Date: October 16, 2024 (last updated February 26, 2025)
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
0
Attacker Value
Unknown
CVE-2024-4184
Disclosure Date: October 16, 2024 (last updated February 26, 2025)
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.
0
Attacker Value
Unknown
CVE-2024-10033
Disclosure Date: October 16, 2024 (last updated February 26, 2025)
A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, injecting malicious script, stealing sessions and data.
0
Attacker Value
Unknown
CVE-2022-4974
Disclosure Date: October 16, 2024 (last updated February 26, 2025)
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
0
Attacker Value
Unknown
CVE-2024-9979
Disclosure Date: October 15, 2024 (last updated February 26, 2025)
A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references.
0
Attacker Value
Unknown
CVE-2024-9620
Disclosure Date: October 08, 2024 (last updated February 26, 2025)
A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. An attacker with network access could exploit this vulnerability by sniffing the plaintext data transmitted between the EDA and AAP. An attacker with system access could exploit this vulnerability by reading the plaintext data stored in EDA and AAP databases.
0
Attacker Value
Unknown
CVE-2024-9355
Disclosure Date: October 01, 2024 (last updated March 05, 2025)
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
0
Attacker Value
Unknown
CVE-2024-47641
Disclosure Date: September 30, 2024 (last updated February 26, 2025)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloperr Confetti Fall Animation allows Stored XSS.This issue affects Confetti Fall Animation: from n/a through 1.3.0.
0
Attacker Value
Unknown
CVE-2024-8771
Disclosure Date: September 26, 2024 (last updated February 26, 2025)
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'preview_email_template_design' function in all versions up to, and including, 5.7.34. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including the content of private, password protected, pending, and draft posts and pages.
0
Attacker Value
Unknown
CVE-2024-4657
Disclosure Date: September 25, 2024 (last updated February 26, 2025)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software BAP Automation allows Stored XSS.This issue affects BAP Automation: before 30840.
0