Show filters
462 Total Results
Displaying 61-70 of 462
Sort by:
Attacker Value
Unknown
CVE-2024-51928
Disclosure Date: November 19, 2024 (last updated February 27, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jakir Hasan Blocks Post Grid allows DOM-Based XSS.This issue affects Blocks Post Grid: from n/a through 1.0.3.
0
Attacker Value
Unknown
CVE-2024-51852
Disclosure Date: November 19, 2024 (last updated February 27, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DynamicWebLab Dynamic Post Grid Elementor Addon allows DOM-Based XSS.This issue affects Dynamic Post Grid Elementor Addon: from n/a through 1.0.6.
0
Attacker Value
Unknown
CVE-2023-4639
Disclosure Date: November 17, 2024 (last updated February 27, 2025)
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity.
0
Attacker Value
Unknown
CVE-2024-10728
Disclosure Date: November 16, 2024 (last updated February 27, 2025)
The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the 'install_required_plugin_callback' function in all versions up to, and including, 4.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated.
0
Attacker Value
Unknown
CVE-2024-21994
Disclosure Date: November 08, 2024 (last updated February 27, 2025)
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to a service crash.
0
Attacker Value
Unknown
CVE-2023-1932
Disclosure Date: November 07, 2024 (last updated February 27, 2025)
A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks.
0
Attacker Value
Unknown
CVE-2024-37483
Disclosure Date: November 01, 2024 (last updated February 27, 2025)
Missing Authorization vulnerability in Post Grid Team by RadiusTheme The Post Grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Post Grid: from n/a through 7.7.4.
0
Attacker Value
Unknown
CVE-2024-37482
Disclosure Date: November 01, 2024 (last updated February 27, 2025)
Missing Authorization vulnerability in Post Grid Team by RadiusTheme The Post Grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Post Grid: from n/a through 7.7.4.
0
Attacker Value
Unknown
CVE-2024-37481
Disclosure Date: November 01, 2024 (last updated February 27, 2025)
Missing Authorization vulnerability in Post Grid Team by RadiusTheme The Post Grid allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects The Post Grid: from n/a through 7.7.4.
0
Attacker Value
Unknown
CVE-2024-37453
Disclosure Date: November 01, 2024 (last updated February 27, 2025)
Missing Authorization vulnerability in ProfileGrid User Profiles ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfileGrid: from n/a through 5.8.7.
0