6.8

CVSS3.1

CVE-2024-22440 - HPE Compute Scale-up Server 3200 Server, Disclosure of Sensitive Information

A potential security vulnerability has been identified in HPE Compute Scale-up Server 3200 server. This vulnerability could cause disclosure of sensitive information in log files.

πŸ“… Published: April 17, 2024, 6:56 a.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

4.8

CVSS3.1

CVE-2024-2309 - WP Staging < 3.4.0, 5.4.0 (Pro Version) - Admin+ Stored XSS

The WP STAGING WordPress Backup Plugin WordPress plugin before 3.4.0, wp-staging-pro WordPress plugin before 5.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html ca…

πŸ“… Published: April 17, 2024, 5 a.m. πŸ”„ Last Modified: May 30, 2025, 3:56 p.m.

5.9

CVSS3.1

CVE-2024-2118 - Social Media Share Buttons < 2.8.9 - Admin+ Stored XSS via settings

The Social Media Share Buttons & Social Sharing Icons WordPress plugin before 2.8.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exam…

πŸ“… Published: April 17, 2024, 5 a.m. πŸ”„ Last Modified: May 8, 2025, 8:32 p.m.

4.7

CVSS3.1

CVE-2024-2102 - Salon booking system < 9.6.3 - Unauthenticated Stored XSS

The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field and 'sms_prefix' parameter when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Booki…

πŸ“… Published: April 17, 2024, 5 a.m. πŸ”„ Last Modified: April 14, 2025, 1:42 p.m.

5.7

CVSS3.1

CVE-2024-2101 - WordPress Plugin Salon Booking System < 9.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS)

The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Customers' page and the maliciou…

πŸ“… Published: April 17, 2024, 5 a.m. πŸ”„ Last Modified: April 14, 2025, 1:42 p.m.

5.3

CVSS3.1

CVE-2024-1219 - Easy Social Feed < 6.5.6 - Contributor+ Stored XSS

The Easy Social Feed WordPress plugin before 6.5.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privil…

πŸ“… Published: April 17, 2024, 5 a.m. πŸ”„ Last Modified: May 8, 2025, 8:32 p.m.

5.3

CVSS3.1

CVE-2024-0868 - coreActivity < 2.1 - Unauthenticated IP Spoofing

The coreActivity: Activity Logging plugin for WordPress plugin before 2.1 retrieved IP addresses of requests via headers such X-FORWARDED to log them, allowing users to spoof them by providing an arbitrary value

πŸ“… Published: April 17, 2024, 5 a.m. πŸ”„ Last Modified: June 17, 2025, 6:52 p.m.

4.3

CVSS3.1

CVE-2024-22329 - IBM WebSphere Application Server server-side request forgery

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID: 27995…

πŸ“… Published: April 17, 2024, 1:21 a.m. πŸ”„ Last Modified: Nov. 21, 2024, 8:56 a.m.

7

CVSS3.1

CVE-2024-22354 - IBM WebSphere Application Server XML external entity injection

IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memo…

πŸ“… Published: April 17, 2024, 1:07 a.m. πŸ”„ Last Modified: Nov. 21, 2024, 8:56 a.m.

3.8

CVSS3.1

CVE-2024-32314 -

Tenda AC500 V2.0.1.9(1307) firmware contains a command injection vulnerablility in the formexeCommand function via the cmdinput parameter.

πŸ“… Published: April 17, 2024, midnight πŸ”„ Last Modified: March 17, 2025, 2:49 p.m.
Total resulsts: 349182
Page 10237 of 34,919
Β« previous page Β» next page
Filters