653 Total Results
Displaying 71-80 of 653
Attacker Value
Unknown

CVE-2024-4658

Disclosure Date: October 10, 2024 (last updated February 26, 2025)
SQL Injection: Hibernate vulnerability in TE Informatics Nova CMS allows SQL Injection. This issue affects Nova CMS: before 5.0.
Attacker Value
Unknown

CVE-2024-9237

Disclosure Date: October 04, 2024 (last updated February 26, 2025)
The Fish and Ships – Most flexible shipping table rate. A WooCommerce shipping rate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.5.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Attacker Value
Unknown

CVE-2024-8159

Disclosure Date: October 03, 2024 (last updated February 26, 2025)
Deep Freeze 9.00.020.5760 is vulnerable to an out-of-bounds read vulnerability by triggering the 0x70014 IOCTL code of the FarDisk.sys driver.
Attacker Value
Unknown

CVE-2024-47134

Disclosure Date: October 03, 2024 (last updated February 26, 2025)
Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.
Attacker Value
Unknown

CVE-2024-47531

Disclosure Date: September 30, 2024 (last updated February 26, 2025)
Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible to bypass the intended file extension and make users download malicious files with any extension. Malicious content injected into the file data, which users unknowingly download and open, may lead to the compromise of users' devices or data. This vulnerability is fixed in 4.89.
Attacker Value
Unknown

CVE-2024-47530

Disclosure Date: September 30, 2024 (last updated February 26, 2025)
Scout is a web-based visualizer for VCF-files. An open redirect vulnerability allows phishing attacks on users by redirecting them to a malicious page. The /login API endpoint is vulnerable to an open redirect attack via the next parameter due to the absence of sanitization logic. Additionally, due to the lack of scheme validation, an HTTPS downgrade attack can be performed on users. This vulnerability is fixed in 4.89.
Attacker Value
Unknown

CVE-2024-8644

Disclosure Date: September 27, 2024 (last updated February 26, 2025)
Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, JSON Hijacking (aka JavaScript Hijacking). This issue affects ValeApp: before v2.0.0.
Attacker Value
Unknown

CVE-2024-8643

Disclosure Date: September 27, 2024 (last updated February 26, 2025)
Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking. This issue affects ValeApp: before v2.0.0.
Attacker Value
Unknown

CVE-2024-8609

Disclosure Date: September 27, 2024 (last updated February 26, 2025)
Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information. This issue affects ValeApp: before v2.0.0.
Attacker Value
Unknown

CVE-2024-8608

Disclosure Date: September 27, 2024 (last updated February 26, 2025)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Oceanic Software ValeApp allows Stored XSS. This issue affects ValeApp: before v2.0.0.