5.4

CVSS3.1

CVE-2024-4174 - Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server

Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server affecting version 2.0.15. This vulnerability could allow an attacker to execute malicious Javascript code on the client by injecting that code into the URL.

πŸ“… Published: April 25, 2024, 11:44 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2024-4166 - Tenda 4G300 sub_41E858 stack-based overflow

A vulnerability has been found in Tenda 4G300 1.01.42 and classified as critical. Affected by this vulnerability is the function sub_41E858. The manipulation of the argument GO/page leads to stack-based buffer overflow. The attack can be launched remotely. The identifier VDB-261985 was assigned to …

πŸ“… Published: April 25, 2024, 11:31 a.m. πŸ”„ Last Modified: Jan. 21, 2025, 2:45 p.m.

8.8

CVSS3.1

CVE-2024-4165 - Tenda G3 modifyDhcpRule stack-based overflow

A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.17(9502). Affected is the function modifyDhcpRule of the file /goform/modifyDhcpRule. The manipulation of the argument bindDhcpIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. T…

πŸ“… Published: April 25, 2024, 11:31 a.m. πŸ”„ Last Modified: July 12, 2025, 11:06 p.m.

5.4

CVSS3.1

CVE-2024-3730 - Simple Membership <= 4.4.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpm_paypal_subscription_cancel_link' shortcode in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

πŸ“… Published: April 25, 2024, 11 a.m. πŸ”„ Last Modified: April 8, 2026, 6:21 p.m.

5.3

CVSS3.1

CVE-2024-32676 - WordPress LoginPress Pro plugin < 3.0.0 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality.This issue affects LoginPress Pro: from n/a before 3.0.0.

πŸ“… Published: April 25, 2024, 10:43 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2024-4164 - Tenda G3 ModifyPppAuthWhiteMac formModifyPppAuthWhiteMac stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.17(9502). This issue affects the function formModifyPppAuthWhiteMac of the file /goform/ModifyPppAuthWhiteMac. The manipulation of the argument pppoeServerWhiteMacIndex leads to stack-based buffer overflow. The at…

πŸ“… Published: April 25, 2024, 10:31 a.m. πŸ”„ Last Modified: July 13, 2025, 11:22 a.m.

7.5

CVSS3.1

CVE-2024-25583 - Crafted responses can lead to a denial of service in Recursor if recursive forwarding is configured

A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected.

πŸ“… Published: April 25, 2024, 9:45 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

4.3

CVSS3.1

CVE-2023-52220 - WordPress MonsterInsights plugin <= 8.21.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in MonsterInsights Google Analytics by Monster Insights.This issue affects Google Analytics by Monster Insights: from n/a through 8.21.0.

πŸ“… Published: April 25, 2024, 9:33 a.m. πŸ”„ Last Modified: April 28, 2026, 4:09 p.m.

5.4

CVSS3.1

CVE-2024-3994 - Tutor LMS – eLearning and online course solution <= 2.6.2 - Authenticated (Contributor+) Stored Cro…

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutor_instructor_list' shortcode in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping on user supplied attribute…

πŸ“… Published: April 25, 2024, 9:29 a.m. πŸ”„ Last Modified: April 8, 2026, 6:21 p.m.

6.4

CVSS3.1

CVE-2024-4035 - Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.21 - Authenticated (Author+) C…

The Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.7.7.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated at…

πŸ“… Published: April 25, 2024, 9:29 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 349182
Page 10168 of 34,919
Β« previous page Β» next page
Filters