5.4

CVSS3.1

CVE-2024-31985 - XWiki Platform CSRF in the job scheduler

XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, it is possible to schedule/trigger/unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embedding such an URL in an…

πŸ“… Published: April 10, 2024, 8:11 p.m. πŸ”„ Last Modified: Jan. 23, 2025, 3:51 p.m.

10

CVSS3.1

CVE-2024-31984 - XWiki Platform: Remote code execution through space title and Solr space facet

XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) search in XWiki. This allows any user who can edi…

πŸ“… Published: April 10, 2024, 7:53 p.m. πŸ”„ Last Modified: Jan. 21, 2025, 4:20 p.m.

10

CVSS3.1

CVE-2024-31983 - XWiki Platform: Remote code execution from edit in multilingual wikis via translations

XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope translations, wiki admin for translations on the wiki). Starting i…

πŸ“… Published: April 10, 2024, 7:44 p.m. πŸ”„ Last Modified: Jan. 21, 2025, 4:22 p.m.

10

CVSS3.1

CVE-2024-31982 - XWiki Platform: Remote code execution as guest via DatabaseSearch

XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed …

πŸ“… Published: April 10, 2024, 7:38 p.m. πŸ”„ Last Modified: Sept. 25, 2025, 5:15 p.m.

10

CVSS3.1

CVE-2024-31981 - XWiki Platform: Privilege escalation (PR) from user registration through PDFClass

XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via PDF export templates. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10-rc-1. If PDF templates are not typically us…

πŸ“… Published: April 10, 2024, 7:22 p.m. πŸ”„ Last Modified: Jan. 21, 2025, 4:26 p.m.

4.3

CVSS3.1

CVE-2024-31939 - WordPress Import any XML or CSV File to WordPress plugin <= 3.7.3 - Cross Site Request Forgery (CSR…

Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any XML or CSV File to WordPress.This issue affects Import any XML or CSV File to WordPress: from n/a through 3.7.3.

πŸ“… Published: April 10, 2024, 7:17 p.m. πŸ”„ Last Modified: April 28, 2026, 4:09 p.m.

10

CVSS3.1

CVE-2024-31465 - XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet

XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any page can execute any code on the server by adding an object of type `XWiki.SearchSuggestSourceClass` to their user profile or any other page…

πŸ“… Published: April 10, 2024, 7:12 p.m. πŸ”„ Last Modified: Jan. 9, 2025, 4:49 p.m.

4.3

CVSS3.1

CVE-2024-31430 - Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR and WOLF WordPress plugins

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net.This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional: …

πŸ“… Published: April 10, 2024, 7:10 p.m. πŸ”„ Last Modified: April 28, 2026, 4:09 p.m.

4.3

CVSS3.1

CVE-2024-31386 - Multiple WordPress themes affected by Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet Grid…

πŸ“… Published: April 10, 2024, 6:47 p.m. πŸ”„ Last Modified: April 28, 2026, 4:09 p.m.

3.7

CVSS3.1

CVE-2024-3515 -

Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

πŸ“… Published: April 10, 2024, 6:41 p.m. πŸ”„ Last Modified: Feb. 13, 2025, 5:52 p.m.
Total resulsts: 349182
Page 10329 of 34,919
Β« previous page Β» next page
Filters