Show filters
16,724 Total Results
Displaying 731-740 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Unknown

CVE-2024-52452

Disclosure Date: December 02, 2024 (last updated February 27, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eduNEXT Open edX LMS allows Reflected XSS.This issue affects Open edX LMS: from n/a through 2.6.1.
0
Attacker Value
Unknown

CVE-2024-52497

Disclosure Date: November 28, 2024 (last updated February 27, 2025)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in quomodosoft Shopready allows PHP Local File Inclusion.This issue affects Shopready: from n/a through 3.5.
0
Attacker Value
Unknown

CVE-2024-8672

Disclosure Date: November 28, 2024 (last updated February 27, 2025)
The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.0.7 via the display logic functionality that extends several page builders. This is due to the plugin allowing users to supply input that will be passed through eval() without any filtering or capability checks. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server. Special note: We suggested the vendor implement an allowlist of functions and limit the ability to execute commands to just administrators, however, they did not take our advice. We are considering this patched, however, we believe it could still be further hardened and there may be residual risk with how the issue is currently patched.
0
Attacker Value
Unknown

CVE-2024-22038

Disclosure Date: November 28, 2024 (last updated February 27, 2025)
Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service.
0
Attacker Value
Unknown

CVE-2024-10580

Disclosure Date: November 27, 2024 (last updated February 27, 2025)
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized form submissions due to a missing capability check on the submit_form() function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated attackers to submit unpublished forms.
0
Attacker Value
Unknown

CVE-2024-11820

Disclosure Date: November 27, 2024 (last updated February 27, 2025)
A vulnerability, which was classified as problematic, has been found in code-projects Crud Operation System 1.0. This issue affects some unknown processing of the file /add.php. The manipulation of the argument saddress leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Attacker Value
Unknown

CVE-2024-8676

Disclosure Date: November 26, 2024 (last updated March 04, 2025)
A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the pod spec, verifying that the pod has access to the mounts it specifies are not applicable to a restored container. This flaw allows a malicious user to trick CRI-O into restoring a pod that doesn't have access to host mounts. The user needs access to the kubelet or cri-o socket to call the restore endpoint and trigger the restore.
0
Attacker Value
Unknown

CVE-2024-49038

Disclosure Date: November 26, 2024 (last updated February 27, 2025)
Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.
Attacker Value
Unknown

CVE-2024-38834

Disclosure Date: November 26, 2024 (last updated February 27, 2025)
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
0
Attacker Value
Unknown

CVE-2024-38833

Disclosure Date: November 26, 2024 (last updated February 27, 2025)
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
0