Show filters
16,726 Total Results
Displaying 741-750 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Unknown
CVE-2024-49038
Disclosure Date: November 26, 2024 (last updated February 27, 2025)
Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.
0
Attacker Value
Unknown
CVE-2024-38834
Disclosure Date: November 26, 2024 (last updated February 27, 2025)
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
0
Attacker Value
Unknown
CVE-2024-38833
Disclosure Date: November 26, 2024 (last updated February 27, 2025)
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
0
Attacker Value
Unknown
CVE-2024-38832
Disclosure Date: November 26, 2024 (last updated February 27, 2025)
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
0
Attacker Value
Unknown
CVE-2024-38831
Disclosure Date: November 26, 2024 (last updated February 27, 2025)
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations.
0
Attacker Value
Unknown
CVE-2024-38830
Disclosure Date: November 26, 2024 (last updated February 27, 2025)
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.
0
Attacker Value
Unknown
CVE-2024-10579
Disclosure Date: November 26, 2024 (last updated February 27, 2025)
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the preview_module() function in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view unpublished forms.
0
Attacker Value
Unknown
CVE-2024-11202
Disclosure Date: November 26, 2024 (last updated February 27, 2025)
Multiple plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the cminds_free_guide shortcode in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
0
Attacker Value
Unknown
CVE-2024-53268
Disclosure Date: November 25, 2024 (last updated February 27, 2025)
Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected versions attackers are able to abuse the fact that openExternal is used without any filtering of URI schemes to obtain remote code execution in Windows environments. This issue has been addressed in version 3.0.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
0
Attacker Value
Unknown
CVE-2024-11672
Disclosure Date: November 25, 2024 (last updated February 27, 2025)
Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature.
0