Total
307050 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47424 | 2024-11-19 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1. | |||||
| CVE-2024-51921 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in midori scrollup allows DOM-Based XSS.This issue affects scrollup: from n/a through 1.1. | |||||
| CVE-2024-42450 | 2024-11-19 | N/A | 10.0 CRITICAL | ||
| The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By default, Versa Director configures Postgres to listen on all network interfaces. This combination allows an unauthenticated attacker to access and administer the database or read local filesystem contents to escalate privileges on the system. Exploitation Status: Versa Networks is not aware of this exploitation in any production systems. A proof of concept exists in the lab environment. Workarounds or Mitigation: Starting with the latest 22.1.4 version of Versa Director, the software will automatically restrict access to the Postgres and HA ports to only the local and peer Versa Directors. For older releases, Versa recommends performing manual hardening of HA ports. Please refer to the following link for the steps https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Secure_HA_Ports This vulnerability is not exploitable on Versa Directors if published Firewall guidelines are implemented. We have validated that no Versa-hosted head ends have been affected by this vulnerability. All Versa-hosted head ends are patched and hardened. Please contact Versa Technical Support or Versa account team for any further assistance. Software Download Links: 22.1.4: https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4 | |||||
| CVE-2024-51864 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agnel Waghela Shortcode Collection allows Stored XSS.This issue affects Shortcode Collection: from n/a through 1.4. | |||||
| CVE-2024-51934 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uri Lazcano (Urielink) Ekiline Block Collection allows DOM-Based XSS.This issue affects Ekiline Block Collection: from n/a through 1.0.5. | |||||
| CVE-2024-51930 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jie Wang Custom URL Shortener allows Stored XSS.This issue affects Custom URL Shortener: from n/a through 0.3.6. | |||||
| CVE-2024-51867 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexander Conroy Simpul Events by Esotech allows Stored XSS.This issue affects Simpul Events by Esotech: from n/a through 1.8.5. | |||||
| CVE-2024-51862 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Baptiste Wicht Google Visualization Charts allows Stored XSS.This issue affects Google Visualization Charts: from n/a through 0.1. | |||||
| CVE-2024-51931 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marketever AzonBox allows DOM-Based XSS.This issue affects AzonBox: from n/a through 1.1.2. | |||||
| CVE-2024-51914 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gopi Ramasamy drop in image slideshow gallery allows DOM-Based XSS.This issue affects drop in image slideshow gallery: from n/a through 12.0. | |||||
| CVE-2024-51908 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gonzalo Geraldo Adventure Bucket List allows DOM-Based XSS.This issue affects Adventure Bucket List: from n/a through 1.0.9. | |||||
| CVE-2024-51870 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aniketji007 Ultimate Flipbox Addon for Elementor allows Stored XSS.This issue affects Ultimate Flipbox Addon for Elementor: from n/a through .4. | |||||
| CVE-2024-51503 | 2024-11-19 | N/A | 8.0 HIGH | ||
| A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines. | |||||
| CVE-2024-51937 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Information Analytics IA Map Analytics Basic allows DOM-Based XSS.This issue affects IA Map Analytics Basic: from n/a through 20170413. | |||||
| CVE-2024-51924 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexandre Magno WP Agenda allows Stored XSS.This issue affects WP Agenda: from n/a through 2.0. | |||||
| CVE-2024-51916 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Brahma Multifox Plus allows DOM-Based XSS.This issue affects Multifox Plus: from n/a through 1.1.6. | |||||
| CVE-2024-51918 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Freshlight Lab Pay With Stripe allows DOM-Based XSS.This issue affects Pay With Stripe: from n/a through 1.2.1. | |||||
| CVE-2024-51835 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajinkya N OpenCart Product Display allows Stored XSS.This issue affects OpenCart Product Display: from n/a through 1.0. | |||||
| CVE-2024-51925 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sazzad Hu Testimonial Slider Shortcode allows Stored XSS.This issue affects Testimonial Slider Shortcode: from n/a through 1.1.9. | |||||
| CVE-2024-51863 | 2024-11-19 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Profit-Funnels PF Timer allows Stored XSS.This issue affects PF Timer: from n/a through 1.0.0. | |||||