6.5

CVSS3.1

CVE-2024-32024 - Kohya_ss vulenrable to path injection in `common_gui.py` `add_pre_postfix` function (`GHSL-2024-023…

Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a path injection in the `common_gui.py` `add_pre_postfix` function. This vulnerability is fixed in 23.1.5.

πŸ“… Published: April 16, 2024, 2:42 p.m. πŸ”„ Last Modified: Sept. 8, 2025, 8:23 p.m.

6.5

CVSS3.1

CVE-2024-32023 - Kohya_ss vulnerable to path injection in `common_gui.py` `find_and_replace` function (`GHSL-2024-02…

Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a path injection in the `common_gui.py` `find_and_replace` function. This vulnerability is fixed in 23.1.5.

πŸ“… Published: April 16, 2024, 2:39 p.m. πŸ”„ Last Modified: Sept. 8, 2025, 8:29 p.m.

5.3

CVSS3.1

CVE-2024-31451 - Limited file write in routes.py (GHSL-2023-250)

DocsGPT is a GPT-powered chat for documentation. DocsGPT is vulnerable to unauthenticated limited file write in routes.py. This vulnerability is fixed in 0.8.1.

πŸ“… Published: April 16, 2024, 2:28 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-30256 - Open WebUI vulnerable to server-side request forgery in utils.py

Open WebUI is a user-friendly WebUI for LLMs. Open-webui is vulnerable to authenticated blind server-side request forgery. This vulnerability is fixed in 0.1.117.

πŸ“… Published: April 16, 2024, 2:24 p.m. πŸ”„ Last Modified: June 30, 2025, 2:30 p.m.

6.4

CVSS3.1

CVE-2024-3672 - BA Book Everything <= 1.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'all-items' shortcode in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes such as 'classes'. This makes it possibl…

πŸ“… Published: April 16, 2024, 12:51 p.m. πŸ”„ Last Modified: April 8, 2026, 7:21 p.m.

4.3

CVSS3.1

CVE-2024-3243 - Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) A…

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access an…

πŸ“… Published: April 16, 2024, 12:51 p.m. πŸ”„ Last Modified: April 8, 2026, 6:21 p.m.

4.3

CVSS3.1

CVE-2024-3869 - Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) C…

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommerce_json_search_coupons' function . This makes it possible for attackers with subscriber level access to view coupon codes.

πŸ“… Published: April 16, 2024, 12:51 p.m. πŸ”„ Last Modified: April 8, 2026, 6:21 p.m.

7.2

CVSS3.1

CVE-2024-3067 - WooCommerce Google Feed Manager <= 2.4.2 - Authenticated (Admin+) SQL Injection to Reflected Cross-…

The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl…

πŸ“… Published: April 16, 2024, 12:51 p.m. πŸ”„ Last Modified: April 8, 2026, 6:21 p.m.

6.5

CVSS3.1

CVE-2024-3367 - Argument injection to runmqsc

Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p26 and <2.3.0b5 allows local attacker to inject one argument to runmqsc

πŸ“… Published: April 16, 2024, 11:59 a.m. πŸ”„ Last Modified: Dec. 5, 2024, 2:28 p.m.

6.4

CVSS3.1

CVE-2024-1357 - Shortcodes and extra features for Phlox theme <= 2.15.7 - Authenticated (Contributor+) Stored Cross…

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_timeline shortcode in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping on user supplied attributes such as thu…

πŸ“… Published: April 16, 2024, 9:33 a.m. πŸ”„ Last Modified: April 8, 2026, 7:20 p.m.
Total resulsts: 349182
Page 10270 of 34,919
Β« previous page Β» next page
Filters