7.5

CVSS3.1

CVE-2024-28130 -

An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

📅 Published: April 23, 2024, 2:46 p.m. 🔄 Last Modified: Nov. 4, 2025, 6:16 p.m.

5.3

CVSS3.1

CVE-2024-32679 - WordPress Shared Files plugin <= 1.7.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files. This issue affects Shared Files: from n/a through <= 1.7.16.

📅 Published: April 23, 2024, 2:12 p.m. 🔄 Last Modified: April 23, 2026, 3:18 p.m.

6.4

CVSS3.1

CVE-2024-2477 - wpDiscuz <= 7.6.15 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Alterna…

The wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of an uploaded image in all versions up to, and including, 7.6.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with auth…

📅 Published: April 23, 2024, 1:50 p.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.

5.4

CVSS3.1

CVE-2023-47731 - IBM QRadar Suite Software cross-site scripting

IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading…

📅 Published: April 23, 2024, 12:16 p.m. 🔄 Last Modified: Aug. 13, 2025, 1:31 p.m.

6.5

CVSS3.1

CVE-2024-3911 - Welotec: Clickjacking Vulnerability in WebUI

An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames. 

📅 Published: April 23, 2024, 12:14 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-3491 - Schema & Structured Data for WP & AMP <= 1.29 - Authenticated (Contributor+) Stored Cross-Site Scri…

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "How To" and "FAQ" Blocks in all versions up to, and including, 1.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it pos…

📅 Published: April 23, 2024, 11:07 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-3732 - GeoDirectory – WordPress Business Directory Plugin, or Classified Directory <= 2.3.48 - Authenticat…

The GeoDirectory – WordPress Business Directory Plugin, or Classified Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gd_single_tabs' shortcode in all versions up to, and including, 2.3.48 due to insufficient input sanitization and output escaping on us…

📅 Published: April 23, 2024, 9:32 a.m. 🔄 Last Modified: April 8, 2026, 6:21 p.m.

6.4

CVSS3.1

CVE-2024-3665 - Rank Math SEO with AI SEO Tools <= 1.0.216 - Authenticated (Contributor+) Stored Cross-Site Scripti…

The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's HowTo and FAQ widgets in all versions up to, and including, 1.0.216 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f…

📅 Published: April 23, 2024, 9:32 a.m. 🔄 Last Modified: April 8, 2026, 5:18 p.m.

6.8

CVSS3.1

CVE-2024-3185 - Rapid7 Insight Agent Sensitive Key Exposed To Local Users

A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. This allows an attacker with local access to a machine with the logging.json file to use that key to authenticate to the platform with high privileges. This w…

📅 Published: April 23, 2024, 8:39 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.3

CVSS3.1

CVE-2024-0900 - Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click …

The Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! plugin for WordPress is vulnerable to unauthorized post creation due to a missing capability check on the elespare_create_post() function hooked via AJAX in all …

📅 Published: April 23, 2024, 8:32 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.
Total results: 349182
Page 10188 of 34,919