4.7

CVSS3.1

CVE-2024-2159 - Sassy Social Share < 3.3.61 - Contributor+ Stored XSS

The Social Sharing Plugin WordPress plugin before 3.3.61 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

📅 Published: April 26, 2024, 5 a.m. 🔄 Last Modified: May 8, 2025, 7:14 p.m.

6.3

CVSS3.1

CVE-2024-0905 - Fancy Product Designer < 6.1.8 - Reflected Cross Site Scripting

The Fancy Product Designer WordPress plugin before 6.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against unauthenticated and admin-level users.

📅 Published: April 26, 2024, 5 a.m. 🔄 Last Modified: May 8, 2025, 7:14 p.m.

8

CVSS3.1

CVE-2024-4163 - Privilege Escalation on Skylab IIoT Gateway (IGX)

The Skylab IGX IIoT Gateway allowed users to connect to it via a limited shell terminal (IGX). However, it was discovered that the process was running under root privileges. This allowed the attacker to read, write, and modify any file in the operating system by utilizing the limited shell file exe…

📅 Published: April 26, 2024, 2:26 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6

CVSS3.1

CVE-2022-48682

In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink.

📅 Published: April 26, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.9

CVSS3.1

CVE-2023-26603

JumpCloud Agent before 1.178.0 Creates a Temporary File in a Directory with Insecure Permissions. This allows privilege escalation to SYSTEM via a repair action in the installer.

📅 Published: April 26, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.5

CVSS3.1

CVE-2023-52646 - aio: fix mremap after fork null-deref

In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced a null-deref if mremap is called on an old aio mapping after fork as mm->ioctx_table will be set to NULL. [jmoyer@r…

📅 Published: April 26, 2024, midnight 🔄 Last Modified: May 4, 2025, 7:40 a.m.

6.1

CVSS3.1

CVE-2024-33665

angular-translate through 2.19.1 allows XSS via a crafted key that is used by the translate directive. NOTE: the vendor indicates that there is no documentation indicating that a key is supposed to be safe against XSS attacks.

📅 Published: April 26, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.5

CVSS3.1

CVE-2024-32887 - Reflected XSS in sidekiq

Sidekiq is simple, efficient background processing for Ruby. Sidekiq has a reflected XSS vulnerability. The value of the substr parameter is reflected in the response without any encoding, allowing an attacker to inject JavaScript code into the response of the application. An attacker could exploit it to…

📅 Published: April 26, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4

CVSS3.1

CVE-2024-33263

QuickJS commit 3b45d15 was discovered to contain an Assertion Failure via JS_FreeRuntime(JSRuntime *) at quickjs.c.

📅 Published: April 26, 2024, midnight 🔄 Last Modified: Sept. 22, 2025, 1:48 p.m.

8.1

CVSS3.1

CVE-2024-31502

An issue in Insurance Management System v.1.0.0 and before allows a remote attacker to escalate privileges via a crafted POST request to /admin/core/new_staff.

📅 Published: April 26, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.