6.4

CVSS3.1

CVE-2024-31099 - WordPress Phlox Core Elements plugin <= 2.15.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.7.

๐Ÿ“… Published: April 1, 2024, 2:07 p.m. ๐Ÿ”„ Last Modified: May 29, 2025, 1:59 p.m.

2.4

CVSS3.1

CVE-2024-3125 - Zebra ZTC GK420d Alert Setup Page settings cross site scripting

A vulnerability classified as problematic was found in Zebra ZTC GK420d 1.0. This vulnerability affects unknown code of the file /settings of the component Alert Setup Page. The manipulation of the argument Address leads to cross site scripting. The attack can be initiated remotely. The exploit hasโ€ฆ

๐Ÿ“… Published: April 1, 2024, 2 p.m. ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

2.4

CVSS3.1

CVE-2024-3124 - fridgecow smartalarm Backup File androidmanifest.xml backup

A vulnerability classified as problematic has been found in fridgecow smartalarm 1.8.1 on Android. This affects an unknown part of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible tโ€ฆ

๐Ÿ“… Published: April 1, 2024, 12:31 p.m. ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

3.5

CVSS3.1

CVE-2022-4966 - sequentech admin-console Election Description cross site scripting

A vulnerability was found in sequentech admin-console up to 6.1.7 and classified as problematic. Affected by this issue is some unknown functionality of the component Election Description Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to versโ€ฆ

๐Ÿ“… Published: April 1, 2024, noon ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.8

CVSS3.1

CVE-2023-6154 - Local privilege escalation in Bitdefender Total Security (VA-11168)

A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This isโ€ฆ

๐Ÿ“… Published: April 1, 2024, 10:06 a.m. ๐Ÿ”„ Last Modified: Feb. 7, 2025, 4:52 p.m.

5.7

CVSS3.1

CVE-2024-3130 - Insecure Data Storage leading to sensitive Information disclosure.

Hard-coded Credentialsย in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker toย unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app

๐Ÿ“… Published: April 1, 2024, 9:13 a.m. ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2016-15038 - NUUO NVRmini 2 deletefile.php path traversal

A vulnerability, which was classified as critical, was found in NUUO NVRmini 2 up to 3.0.8. Affected is an unknown function of the file /deletefile.php. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed toโ€ฆ

๐Ÿ“… Published: April 1, 2024, 5:31 a.m. ๐Ÿ”„ Last Modified: April 15, 2026, 12:35 a.m.

6.1

CVSS3.1

CVE-2024-2278 - WooCommerce Product Filter < 1.4.4 - Admin+ Stored XSS

Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

๐Ÿ“… Published: April 1, 2024, 5 a.m. ๐Ÿ”„ Last Modified: May 7, 2025, 1:07 a.m.

4.8

CVSS3.1

CVE-2024-2263 - WooCommerce Product Filter < 1.4.4 - Reflected XSS

Themify WordPress plugin before 1.4.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

๐Ÿ“… Published: April 1, 2024, 5 a.m. ๐Ÿ”„ Last Modified: May 13, 2025, 1:04 a.m.

4.7

CVSS3.1

CVE-2024-2262 - WooCommerce Product Filter < 1.4.4 - Filter Deletion via CSRF

Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs

๐Ÿ“… Published: April 1, 2024, 5 a.m. ๐Ÿ”„ Last Modified: May 13, 2025, 1:01 a.m.
Total resulsts: 349182
Page 10490 of 34,919
ยซ previous page ยป next page
Filters