Show filters
304,120 Total Results
Displaying 1-10 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Unknown

CVE-2024-4014

Disclosure Date: April 20, 2024 (last updated April 20, 2024)
The hCaptcha for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf7-hcaptcha shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
0
Attacker Value
Unknown

CVE-2024-1730

Disclosure Date: April 20, 2024 (last updated April 20, 2024)
The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via urls in link fields, images from URLs, and html tags used in widgets in all versions up to, and including, 3.14.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
0
Attacker Value
Unknown

CVE-2024-1057

Disclosure Date: April 20, 2024 (last updated April 20, 2024)
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishsuite_button' shortcode in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes like 'button_class'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
0
Attacker Value
Unknown

CVE-2024-31994

Disclosure Date: April 19, 2024 (last updated April 20, 2024)
Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, an attacker can point the image request to an arbitrarily large file. Mealie will attempt to retrieve this file in whole. If it can be retrieved, it may be stored on the file system in whole (leading to possible disk consumption), however the more likely scenario given resource limitations is that the container will OOM during file retrieval if the target file size is greater than the allocated memory of the container. At best this can be used to force the container to infinitely restart due to OOM (if so configured in `docker-compose.yml), or at worst this can be used to force the Mealie container to crash and remain offline. In the event that the file can be retrieved, the lack of rate limiting on this endpoint also permits an attacker to generate ongoing requests to any target of their choice, potentially contributing to an external-facing DoS attack. This vulnerability is fixed in 1.4.0.
0
Attacker Value
Unknown

CVE-2024-1480

Disclosure Date: April 19, 2024 (last updated April 20, 2024)
Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication.
0
Attacker Value
Unknown

CVE-2024-4018

Disclosure Date: April 19, 2024 (last updated April 20, 2024)
Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation.This issue affects U-Series Appliance: from 3.4 before 4.0.3.
0
Attacker Value
Unknown

CVE-2024-4017

Disclosure Date: April 19, 2024 (last updated April 20, 2024)
Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading.This issue affects U-Series Appliance: from 3.4 before 4.0.3.
0
Attacker Value
Unknown

CVE-2024-32392

Disclosure Date: April 19, 2024 (last updated April 20, 2024)
Cross Site Scripting vulnerability in CmSimple v.5.15 allows a remote attacker to execute arbitrary code via the functions.php component.
0
Attacker Value
Unknown

CVE-2024-32391

Disclosure Date: April 19, 2024 (last updated April 20, 2024)
Cross Site Scripting vulnerability in MacCMS v.10 v.2024.1000.3000 allows a remote attacker to execute arbitrary code via a crafted payload.
0
Attacker Value
Unknown

CVE-2024-31993

Disclosure Date: April 19, 2024 (last updated April 20, 2024)
Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the scrape_image function will retrieve an image based on a user-provided URL, however the provided URL is not validated to point to an external location and does not have any enforced rate limiting. The response from the Mealie server will also vary depending on whether or not the target file is an image, is not an image, or does not exist. Additionally, when a file is retrieved the file may remain stored on Mealie’s file system as original.jpg under the UUID of the recipe it was requested for. If the attacker has access to an admin account (e.g. the default changeme@example.com), this file can then be retrieved. Note that if Mealie is running in a development setting this could be leveraged by an attacker to retrieve any file that the Mealie server had downloaded in this fashion without the need for administrator access. This vulnerability is fixed in 1.4.0.
0