6.3

CVSS3.1

CVE-2024-3719 - Campcodes House Rental Management System ajax.php sql injection

A vulnerability, which was classified as critical, was found in Campcodes House Rental Management System 1.0. This affects an unknown part of the file ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosedโ€ฆ

๐Ÿ“… Published: April 13, 2024, 11 a.m. ๐Ÿ”„ Last Modified: July 13, 2025, 11:14 a.m.

4.3

CVSS3.1

CVE-2024-3662 - WPZOOM Social Feed Widget & Block <= 2.1.13 - Missing Authorization to Authenticated (Subscriber+) โ€ฆ

The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoom_instagram_clear_data() function in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level accโ€ฆ

๐Ÿ“… Published: April 13, 2024, 8:41 a.m. ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

4.4

CVSS3.1

CVE-2023-6494 - WPC Smart Quick View for WooCommerce <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scโ€ฆ

The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administratoโ€ฆ

๐Ÿ“… Published: April 13, 2024, 8:41 a.m. ๐Ÿ”„ Last Modified: April 8, 2026, 4:49 p.m.

5.4

CVSS3.1

CVE-2024-2583 - Shortcodes Ultimate < 7.0.5 - Contributor+ Stored XSS

The WP Shortcodes Plugin โ€” Shortcodes Ultimate WordPress plugin before 7.0.5 does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks.

๐Ÿ“… Published: April 13, 2024, 5 a.m. ๐Ÿ”„ Last Modified: May 12, 2025, 7:41 p.m.

6.4

CVSS3.1

CVE-2024-3027 - Smart Slider 3 <= 3.5.1.22 - Missing Authorization to Limited File Upload

The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the upload function in all versions up to, and including, 3.5.1.22. This makes it possible for authenticated attackers, with contributor-level access and above, to upload โ€ฆ

๐Ÿ“… Published: April 13, 2024, 1:57 a.m. ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-1957 - GiveWP โ€“ Donation Plugin and Fundraising Platform <= 3.6.1 -- Authenticated(Contributor+) Stored Crโ€ฆ

The GiveWP โ€“ Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'give_form' shortcode in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makโ€ฆ

๐Ÿ“… Published: April 13, 2024, 1:57 a.m. ๐Ÿ”„ Last Modified: April 8, 2026, 6:20 p.m.

5.5

CVSS3.1

CVE-2024-26817 - amdkfd: use calloc instead of kzalloc to avoid integer overflow

In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing the multiplication which might overflow.

๐Ÿ“… Published: April 13, 2024, midnight ๐Ÿ”„ Last Modified: Nov. 4, 2025, 7:17 p.m.

8.6

CVSS3.1

CVE-2024-32487 - less: OS command injection

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESโ€ฆ

๐Ÿ“… Published: April 13, 2024, midnight ๐Ÿ”„ Last Modified: June 17, 2025, 8:58 p.m.

4.1

CVSS3.1

CVE-2024-32028 - Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore

OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions of `OpenTelemetry.Instrumentation.Http` and `OpenTelemetry.Instrumentation.AspNetCore` the `url.full` writes attribute/tag on spans (`Activity`) when tracing is enabled for outgoing http requests and `OpenTelemetry.Instrumenโ€ฆ

๐Ÿ“… Published: April 12, 2024, 10:58 p.m. ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.3

CVSS3.1

CVE-2024-31462 - Limited file write in Stable-diffusion-webui - GHSL-2024-010

stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_saveโ€ฆ

๐Ÿ“… Published: April 12, 2024, 9:41 p.m. ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 349182
Page 10305 of 34,919
ยซ previous page ยป next page
Filters