7.3

CVSS3.1

CVE-2024-3359 - SourceCodester Online Library System login.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Online Library System 1.0. This issue affects some unknown processing of the file admin/login.php. The manipulation of the argument user_email leads to sql injection. The attack may be initiated remotely. The exploi…

📅 Published: April 6, 2024, 4 a.m. 🔄 Last Modified: Feb. 10, 2025, 11:09 p.m.

3.5

CVSS3.1

CVE-2024-3358 - SourceCodester Aplaya Beach Resort Online Reservation System index.php cross site scripting

A vulnerability classified as problematic was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument to leads to cross site scripting. The attack can be initiated remotely. The explo…

📅 Published: April 6, 2024, 3:31 a.m. 🔄 Last Modified: Feb. 26, 2025, 6:56 p.m.

5.3

CVSS3.1

CVE-2024-2950 - BoldGrid Easy SEO – Simple and Effective SEO <= 1.6.14 - Information Exposure

The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.14 via meta information (og:description) This makes it possible for unauthenticated attackers to view the first 130 characters of a password protecte…

📅 Published: April 6, 2024, 3:24 a.m. 🔄 Last Modified: April 8, 2026, 7:21 p.m.

5.3

CVSS3.1

CVE-2024-3216 - WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.2 - Missing Auth…

The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wt_pklist_reset_settings() function in all versions up to, and including, 4.4.2. This makes it possible fo…

📅 Published: April 6, 2024, 3:24 a.m. 🔄 Last Modified: April 8, 2026, 7:21 p.m.

7.1

CVSS3.1

CVE-2024-1385 - WP-Stateless – Google Cloud Storage <= 3.4.0 - Missing Authorization to Limited Arbitrary Options U…

The WP-Stateless – Google Cloud Storage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the dismiss_notices() function in all versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with subscriber-level access a…

📅 Published: April 6, 2024, 3:24 a.m. 🔄 Last Modified: April 8, 2026, 6:20 p.m.

4.4

CVSS3.1

CVE-2024-2656 - Icegram Express <= 5.7.14 - Authenticated (Administrator+) Cross-Site Scripting via CSV import

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a CSV import in all versions up to, and including, 5.7.14 due to insufficient input sanitization and output escaping.…

📅 Published: April 6, 2024, 3:24 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.4

CVSS3.1

CVE-2024-3245 - EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any …

The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Youtube block in all versions up to, and including, 3.9.14 due to insufficient…

📅 Published: April 6, 2024, 2:32 a.m. 🔄 Last Modified: April 8, 2026, 7:21 p.m.

4.3

CVSS3.1

CVE-2024-1994 - Image Watermark <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Watermark Modificat…

The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the watermark_action_ajax() function in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with subscriber-level access and abo…

📅 Published: April 6, 2024, 1:54 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2024-28741 -

Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.

📅 Published: April 6, 2024, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.2

CVSS3.1

CVE-2024-21506 - python-pymongo: out of bounds read

Duplicate of CVE-2024-5629.

📅 Published: April 6, 2024, midnight 🔄 Last Modified: June 5, 2024, 3:15 p.m.
Total resulsts: 349182
Page 10417 of 34,919
« previous page » next page
Filters