Show filters
695 Total Results
Displaying 31-40 of 695
Sort by:
Attacker Value
Unknown
CVE-2022-4974
Disclosure Date: October 16, 2024 (last updated October 16, 2024)
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
0
Attacker Value
Unknown
CVE-2024-9381
Disclosure Date: October 08, 2024 (last updated October 17, 2024)
Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions.
0
Attacker Value
Unknown
CVE-2024-9380
Disclosure Date: October 08, 2024 (last updated October 12, 2024)
An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.
0
Attacker Value
Unknown
CVE-2024-9379
Disclosure Date: October 08, 2024 (last updated October 12, 2024)
SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.
0
Attacker Value
Unknown
CVE-2024-8963
Disclosure Date: September 19, 2024 (last updated September 21, 2024)
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
0
Attacker Value
Unknown
CVE-2024-41164
Disclosure Date: August 14, 2024 (last updated August 20, 2024)
When TCP profile with Multipath TCP enabled (MPTCP) is configured on a Virtual Server, undisclosed traffic along with conditions beyond the attackers control can cause TMM to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
0
Attacker Value
Unknown
CVE-2024-34012
Disclosure Date: June 14, 2024 (last updated August 08, 2024)
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272.
0
Attacker Value
Unknown
CVE-2024-26462
Disclosure Date: February 29, 2024 (last updated February 15, 2025)
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.
0
Attacker Value
Unknown
CVE-2023-48556
Disclosure Date: December 15, 2023 (last updated December 19, 2023)
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
0
Attacker Value
Unknown
CVE-2023-48555
Disclosure Date: December 15, 2023 (last updated December 19, 2023)
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
0