Show filters
11,898 Total Results
Displaying 421-430 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Unknown

CVE-2024-11772

Disclosure Date: December 10, 2024 (last updated February 27, 2025)
Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Attacker Value
Unknown

CVE-2024-11639

Disclosure Date: December 10, 2024 (last updated February 27, 2025)
An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access
Attacker Value
Unknown

CVE-2024-11634

Disclosure Date: December 10, 2024 (last updated February 27, 2025)
Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)
Attacker Value
Unknown

CVE-2024-11633

Disclosure Date: December 10, 2024 (last updated February 27, 2025)
Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution
Attacker Value
Unknown

CVE-2024-10256

Disclosure Date: December 10, 2024 (last updated February 27, 2025)
Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files.
0
Attacker Value
Unknown

CVE-2024-11928

Disclosure Date: December 10, 2024 (last updated February 27, 2025)
The iChart – Easy Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Attacker Value
Unknown

CVE-2024-54149

Disclosure Date: December 09, 2024 (last updated February 27, 2025)
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such as theme customisation values or modify, or remove, templates in the theme even if not provided direct access via the permissions. As all objects passed through to Twig are references to the live objects, it is also possible to also manipulate model data if models are passed directly to Twig, including changing attributes or even removing records entirely. In most cases, this is unwanted behavior and potentially dangerous. To actively exploit this security issue, an attacker would need access to the Backend with a user account with any of the following permissions: `cms.manage_layouts`; `cms.manage_pages`; or `cms.manage_partials`. The Winter CMS maintainers strongly recommend that these pe…
0
Attacker Value
Unknown

CVE-2024-11991

Disclosure Date: December 09, 2024 (last updated February 27, 2025)
Motoko's incremental garbage collector is impacted by an uninitialized memory access bug, caused by incorrect use of write barriers in a few locations. This vulnerability could potentially allow unauthorized read or write access to a Canister's memory. However, exploiting this bug requires the Canister to enable the incremental garbage collector or enhanced orthogonal persistence, which are non-default features in Motoko.
0
Attacker Value
Unknown

CVE-2024-54223

Disclosure Date: December 09, 2024 (last updated February 27, 2025)
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Contact Form - Repute InfoSystems ARForms Form Builder allows Code Injection.This issue affects ARForms Form Builder: from n/a through 1.7.1.
0
Attacker Value
Unknown

CVE-2024-43222

Disclosure Date: December 09, 2024 (last updated February 27, 2025)
Missing Authorization vulnerability in SeventhQueen Sweet Date.This issue affects Sweet Date: from n/a through 3.7.3.
0