Search and browse vulnerability records from NVD
Showing 50 of 42218 CVEs
| CVE ID | Severity | Description | EPSS | Published | |
|---|---|---|---|---|---|
| 7.3 HIGH |
Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue. |
35.5% | 2024-10-07 | ||
| 7.0 HIGH |
Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially enable denial of service. |
0.2% | 2024-10-07 | ||
| 8.3 HIGH |
Missing Authentication - User & System Configuration |
0.2% | 2024-10-07 | ||
| 8.8 HIGH |
A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support. |
0.2% | 2024-10-07 | ||
| 8.8 HIGH |
IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay. |
0.3% | 2024-10-07 | ||
| 7.3 HIGH |
A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a long filename argument. |
0.2% | 2024-10-07 | ||
| 7.3 HIGH |
A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a long filename argument. |
0.2% | 2024-10-07 | ||
|
CVE-2024-43047
KEV
|
7.8 HIGH |
Memory corruption while maintaining memory maps of HLOS memory. |
0.7% | 2024-10-07 | |
| 8.4 HIGH |
Memory corruption while taking snapshot when an offset variable is set by camera driver. |
0.1% | 2024-10-07 | ||
| 7.6 HIGH |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Apps Bit Form bit-form allows SQL Injection.This issue affects Bit Form: from n/a through <= 2.13.11. |
0.4% | 2024-10-07 | ||
| 8.5 HIGH |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal WPExperts Square For GiveWP wpexperts-square-for-give allows SQL Injection.This issue affects WPExperts Square For GiveWP: from n/a through <= 1.3. |
0.4% | 2024-10-06 | ||
| 7.5 HIGH |
Multi-DNC – CWE-35: Path Traversal: '.../...//' |
0.5% | 2024-10-06 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in David Garlitz viala allows Reflected XSS.This issue affects viala: from n/a through 1.3.1. |
0.3% | 2024-10-06 | ||
| 7.1 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in nicejob NiceJob nicejob allows Stored XSS.This issue affects NiceJob: from n/a through < 3.6.5. |
0.2% | 2024-10-06 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin wp-timelines allows Reflected XSS.This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through <= 3.6.7. |
0.3% | 2024-10-06 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Westguard WS Form LITE ws-form allows Stored XSS.This issue affects WS Form LITE: from n/a through <= 1.9.238. |
0.3% | 2024-10-06 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Secure Copy Content Protection and Content Locking secure-copy-content-protection-subscribe-to-view allows Stored XSS.This issue affects Secure Copy Content Protection and Content Locking: from n/a through <= 4.2.3. |
0.3% | 2024-10-06 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Apps Bit Form bit-form allows Stored XSS.This issue affects Bit Form: from n/a through <= 2.13.10. |
0.3% | 2024-10-06 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Tauqeer CubeWP Forms cubewp-forms allows Stored XSS.This issue affects CubeWP Forms: from n/a through <= 1.1.1. |
0.3% | 2024-10-06 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Polls cp-polls allows Reflected XSS.This issue affects CP Polls: from n/a through <= 1.0.74. |
0.3% | 2024-10-06 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) unlimited-elements-for-elementor allows Reflected XSS.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through <= 1.5.121. |
0.3% | 2024-10-06 | ||
| 7.3 HIGH |
Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element |
0.2% | 2024-10-06 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WP Bulk Delete wp-bulk-delete allows Stored XSS.This issue affects WP Bulk Delete: from n/a through <= 1.3.1. |
0.3% | 2024-10-06 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amauri WPMobile.App wpappninja.This issue affects WPMobile.App: from n/a through <= 11.50. |
0.3% | 2024-10-06 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YellowPencil YellowPencil Visual CSS Style Editor yellow-pencil-visual-theme-customizer allows Reflected XSS.This issue affects YellowPencil Visual CSS Style Editor: from n/a through <= 7.6.4. |
0.3% | 2024-10-06 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Chartify chart-builder allows Reflected XSS.This issue affects Chartify: from n/a through <= 2.7.6. |
0.3% | 2024-10-06 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Newsletters newsletters-lite allows Reflected XSS.This issue affects Newsletters: from n/a through <= 4.9.9.1. |
0.3% | 2024-10-06 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lester Chan WP-DownloadManager wp-downloadmanager allows Reflected XSS.This issue affects WP-DownloadManager: from n/a through <= 1.68.8. |
0.3% | 2024-10-06 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JWardee WP Mail Catcher wp-mail-catcher allows Reflected XSS.This issue affects WP Mail Catcher: from n/a through <= 2.1.9. |
0.3% | 2024-10-06 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tangible Loops & Logic tangible-loops-and-logic allows Reflected XSS.This issue affects Loops & Logic: from n/a through <= 4.1.4. |
0.3% | 2024-10-06 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eyal Fitoussi GEO my WordPress geo-my-wp allows Reflected XSS.This issue affects GEO my WordPress: from n/a through <= 4.5.0.3. |
0.3% | 2024-10-06 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ILLID Share This Image share-this-image allows Reflected XSS.This issue affects Share This Image: from n/a through <= 2.01. |
0.3% | 2024-10-06 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons allows Reflected XSS.This issue affects YITH WooCommerce Product Add-Ons: from n/a through <= 4.13.0. |
0.3% | 2024-10-06 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bookingalgorithms BA Book Everything ba-book-everything.This issue affects BA Book Everything: from n/a through <= 1.6.20. |
0.3% | 2024-10-06 | ||
| 7.8 HIGH |
Diebold Nixdorf – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
0.2% | 2024-10-06 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through <= 6.5.0.2. |
1.4% | 2024-10-05 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpweb Social Auto Poster social-auto-poster allows Reflected XSS.This issue affects Social Auto Poster: from n/a through <= 5.3.15. |
0.3% | 2024-10-05 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bannersky BSK Forms Blacklist bsk-gravityforms-blacklist allows Reflected XSS.This issue affects BSK Forms Blacklist: from n/a through <= 3.8.1. |
0.3% | 2024-10-05 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robokassa Robokassa payment gateway for Woocommerce robokassa allows Reflected XSS.This issue affects Robokassa payment gateway for Woocommerce: from n/a through <= 1.6.1. |
0.3% | 2024-10-05 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eyecix JobSearch wp-jobsearch allows Reflected XSS.This issue affects JobSearch: from n/a through <= 2.5.9. |
0.3% | 2024-10-05 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Reflected XSS.This issue affects NEX-Forms: from n/a through <= 8.7.3. |
0.3% | 2024-10-05 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.mihai SliceWP slicewp allows Reflected XSS.This issue affects SliceWP: from n/a through <= 1.1.18. |
0.3% | 2024-10-05 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Extended The Ultimate WordPress Toolkit – WP Extended wpextended allows Reflected XSS.This issue affects The Ultimate WordPress Toolkit – WP Extended: from n/a through <= 3.0.8. |
0.3% | 2024-10-05 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Reflected XSS.This issue affects WP Compress: from n/a through <= 6.20.13. |
0.3% | 2024-10-05 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.6.3. |
0.3% | 2024-10-05 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shamalli Web Directory Free web-directory-free allows Reflected XSS.This issue affects Web Directory Free: from n/a through <= 1.7.3. |
0.3% | 2024-10-05 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lomu WPCOM Member wpcom-member allows Reflected XSS.This issue affects WPCOM Member: from n/a through <= 1.5.4. |
0.3% | 2024-10-05 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Copyscape Copyscape Premium copyscape-premium allows Stored XSS.This issue affects Copyscape Premium: from n/a through <= 1.3.9. |
0.2% | 2024-10-05 | ||
| 7.1 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Reflected XSS.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through <= 4.4.6. |
0.3% | 2024-10-05 | ||
| 7.5 HIGH |
Path Traversal: '.../...//' vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin wp-timelines.This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through <= 3.6.7. |
0.5% | 2024-10-05 |