321 Total Results
Displaying 21-30 of 321
Attacker Value
Unknown
CVE-2024-6270
Disclosure Date: August 05, 2024 (last updated August 05, 2024)
The Community Events WordPress plugin before 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
0
Attacker Value
Unknown
CVE-2024-6271
Disclosure Date: July 22, 2024 (last updated July 26, 2024)
The Community Events WordPress plugin before 1.5 does not have a CSRF check in place when deleting events, which could allow attackers to make a logged-in admin delete arbitrary events via a CSRF attack.
0
Attacker Value
Unknown
CVE-2024-21167
Disclosure Date: July 16, 2024 (last updated December 21, 2024)
Vulnerability in the Oracle Trading Community product of Oracle E-Business Suite (component: Party Search UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Trading Community. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Trading Community accessible data as well as unauthorized access to critical data or complete access to all Oracle Trading Community accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
0
Attacker Value
Unknown
CVE-2024-30163
Disclosure Date: June 07, 2024 (last updated August 09, 2024)
Invision Community before 4.7.16 allows SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL queries. This can be exploited by unauthenticated attackers to carry out Blind SQL Injection attacks.
0
Attacker Value
Unknown
CVE-2024-23793
Disclosure Date: June 06, 2024 (last updated June 07, 2024)
The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl scripts.
This issue affects OTRS: from 7.0.X through 7.0.49, 8.0.X, 2023.X, from 2024.X through 2024.3.2; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
0
Attacker Value
Unknown
CVE-2024-4999
Disclosure Date: May 16, 2024 (last updated May 17, 2024)
A vulnerability in the web-based management interface of multiple Ligowave devices could allow an authenticated remote attacker to execute arbitrary commands with elevated privileges. This issue affects UNITY: through 6.95-2; PRO: through 6.95-1.Rt3883; MIMO: through 6.95-1.Rt2880; APC Propeller: through 2-5.95-4.Rt3352.
0
Attacker Value
Unknown
CVE-2024-3462
Disclosure Date: May 14, 2024 (last updated May 15, 2024)
Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users.
All versions up to 2.9.0 (tested) and possibly newer ones are believed to be vulnerable as the vendor has not confirmed releasing a patch.
0
Attacker Value
Unknown
CVE-2024-0916
Disclosure Date: April 25, 2024 (last updated April 26, 2024)
Unauthenticated file upload allows remote code execution.
This issue affects UvDesk Community: from 1.0.0 through 1.1.3.
0
Attacker Value
Unknown
CVE-2024-31251
Disclosure Date: April 12, 2024 (last updated April 13, 2024)
Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo. This issue affects Community by PeepSo: from n/a through 6.3.1.1.
0
Attacker Value
Unknown
CVE-2024-3137
Disclosure Date: April 02, 2024 (last updated April 03, 2024)
Improper Privilege Management in uvdesk/community-skeleton
0