Show filters
16,726 Total Results
Displaying 741-750 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Unknown

CVE-2024-38832

Disclosure Date: November 26, 2024 (last updated February 27, 2025)
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
0
Attacker Value
Unknown

CVE-2024-38831

Disclosure Date: November 26, 2024 (last updated February 27, 2025)
VMware Aria Operations contains a local privilege escalation vulnerability.  A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to  a root user on the appliance running VMware Aria Operations.
0
Attacker Value
Unknown

CVE-2024-38830

Disclosure Date: November 26, 2024 (last updated February 27, 2025)
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.
0
Attacker Value
Unknown

CVE-2024-10579

Disclosure Date: November 26, 2024 (last updated February 27, 2025)
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the preview_module() function in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view unpublished forms.
Attacker Value
Unknown

CVE-2024-11202

Disclosure Date: November 26, 2024 (last updated February 27, 2025)
Multiple plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the cminds_free_guide shortcode in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Attacker Value
Unknown

CVE-2024-53268

Disclosure Date: November 25, 2024 (last updated February 27, 2025)
Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected versions attackers are able to abuse the fact that openExternal is used without any filtering of URI schemes to obtain remote code execution in Windows environments. This issue has been addressed in version 3.0.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
0
Attacker Value
Unknown

CVE-2024-11672

Disclosure Date: November 25, 2024 (last updated February 27, 2025)
Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature.
0
Attacker Value
Unknown

CVE-2024-11671

Disclosure Date: November 25, 2024 (last updated February 27, 2025)
Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching.
0
Attacker Value
Unknown

CVE-2024-11670

Disclosure Date: November 25, 2024 (last updated February 27, 2025)
Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions.
0
Attacker Value
Unknown

CVE-2024-11662

Disclosure Date: November 25, 2024 (last updated February 27, 2025)
A vulnerability was found in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3.0.4/3.0.5. It has been rated as critical. This issue affects the function deploy_host_vars of the file /apps/api/views/deploy_api.py of the component API Endpoint. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
0