6.5

CVSS3.1

CVE-2024-32470 - Tolgee's API keys created by server admin users bypass the permission check

Tolgee is an open-source localization platform. When an API key created by an admin user is used, it bypasses the permission check entirely. This error was introduced in v3.57.2 and immediately fixed in v3.57.4.

📅 Published: April 18, 2024, 3:05 p.m. 🔄 Last Modified: Sept. 11, 2025, 9:29 p.m.

9.3

CVSS3.1

CVE-2024-2796 - SSRF in Akana API Platform

A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson.

📅 Published: April 18, 2024, 3:04 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

2.7

CVSS3.1

CVE-2024-32466 - Tolgee's API key scopes not checked when querying translation data

Tolgee is an open-source localization platform. For the `/v2/projects/translations` and `/v2/projects/{projectId}/translations` endpoints, translation data was returned even when the API key was missing the `translation.view` scope. However, it was impossible to fetch the data when the user was missing this sc…

📅 Published: April 18, 2024, 3:02 p.m. 🔄 Last Modified: Sept. 11, 2025, 9:31 p.m.

3.9

CVSS3.1

CVE-2024-30257 - 1Panel's password verification is suspected to have a timing attack vulnerability

1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the `!=` operator instead of `hmac.Equal`. This may lead to a timing attack vulnerability. This vulnerability is fixed in 1.10.3-lts.

📅 Published: April 18, 2024, 2:56 p.m. 🔄 Last Modified: Feb. 11, 2025, 5:46 p.m.

9.1

CVSS3.1

CVE-2024-29021 - SSRF into Sandbox Escape through Unsafe Default Configuration

Judge0 is an open-source online code execution system. The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery (SSRF). This allows an attacker with sufficient access to the Judge0 API to obtain unsandboxed code execution as root on the t…

📅 Published: April 18, 2024, 2:43 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

10

CVSS3.1

CVE-2024-28189 - Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link

Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside o…

📅 Published: April 18, 2024, 2:40 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

10

CVSS3.1

CVE-2024-28185 - Judge0 vulnerable to Sandbox Escape via Symbolic Link

Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a submission, Judge0 writes a `r…

📅 Published: April 18, 2024, 2:31 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2023-6892 - EAN for WooCommerce <= 4.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via alg_wc_…

The EAN for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_ean_product_meta' shortcode in all versions up to, and including, 4.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f…

📅 Published: April 18, 2024, 11:05 a.m. 🔄 Last Modified: April 8, 2026, 7:19 p.m.

4.3

CVSS3.1

CVE-2023-6897 - EAN for WooCommerce <= 4.9.2 - Insecure Direct Object Reference to Sensitive Information Exposure vi…

The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the 'alg_wc_ean_product_meta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with con…

📅 Published: April 18, 2024, 11:05 a.m. 🔄 Last Modified: April 8, 2026, 5:17 p.m.

6.8

CVSS3.1

CVE-2023-50885 - WordPress Store Locator WordPress Plugin <= 1.4.14 is vulnerable to Arbitrary File Deletion

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AGILELOGIX Store Locator WordPress. This issue affects Store Locator WordPress: from n/a through 1.4.14.

📅 Published: April 18, 2024, 11 a.m. 🔄 Last Modified: April 28, 2026, 4:08 p.m.