Attacker Value
Unknown
CVE-2024-11386
Disclosure Date: January 11, 2025 (last updated February 27, 2025)
The GatorMail SmartForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gatormailsmartform' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Attacker Value
Unknown
CVE-2024-12836
Disclosure Date: December 30, 2024 (last updated February 27, 2025)
Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of STP files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22450.
Attacker Value
Unknown
CVE-2024-12835
Disclosure Date: December 30, 2024 (last updated February 27, 2025)
Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of ICS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22415.
Attacker Value
Unknown
CVE-2024-12834
Disclosure Date: December 30, 2024 (last updated February 27, 2025)
Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of STP files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22414.
Attacker Value
Unknown
CVE-2024-8950
Disclosure Date: December 25, 2024 (last updated February 27, 2025)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arne Informatics Piramit Automation allows Blind SQL Injection. This issue affects Piramit Automation: before 27.09.2024.
Attacker Value
Unknown
CVE-2024-12677
Disclosure Date: December 20, 2024 (last updated February 27, 2025)
Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute arbitrary code.
Attacker Value
Unknown
CVE-2024-8972
Disclosure Date: December 17, 2024 (last updated February 27, 2025)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobil365 Informatics Saha365 App allows SQL Injection. This issue affects Saha365 App: before 30.09.2024.
Attacker Value
Unknown
CVE-2024-11275
Disclosure Date: December 13, 2024 (last updated February 27, 2025)
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoint in all versions up to, and including, 1.0.27. This makes it possible for authenticated attackers, with Timetics Customer access and above, to delete arbitrary users.
Attacker Value
Unknown
CVE-2024-44856
Disclosure Date: December 06, 2024 (last updated February 27, 2025)
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_smac_planner().
Attacker Value
Unknown
CVE-2024-44855
Disclosure Date: December 06, 2024 (last updated February 27, 2025)
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_navfn_planner().