6.4
CVE-2024-31099 - WordPress Phlox Core Elements plugin <= 2.15.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.7.
2.4
CVE-2024-3125 - Zebra ZTC GK420d Alert Setup Page settings cross site scripting
A vulnerability classified as problematic was found in Zebra ZTC GK420d 1.0. This vulnerability affects unknown code of the file /settings of the component Alert Setup Page. The manipulation of the argument Address leads to cross site scripting. The attack can be initiated remotely. The exploit hasโฆ
2.4
CVE-2024-3124 - fridgecow smartalarm Backup File androidmanifest.xml backup
A vulnerability classified as problematic has been found in fridgecow smartalarm 1.8.1 on Android. This affects an unknown part of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible tโฆ
3.5
CVE-2022-4966 - sequentech admin-console Election Description cross site scripting
A vulnerability was found in sequentech admin-console up to 6.1.7 and classified as problematic. Affected by this issue is some unknown functionality of the component Election Description Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to versโฆ
7.8
CVE-2023-6154 - Local privilege escalation in Bitdefender Total Security (VA-11168)
A configuration setting issue in seccenter.exe as used in Bitdefender Total Security, Bitdefender Internet Security, Bitdefender Antivirus Plus, Bitdefender Antivirus Free allows an attacker to change the product's expected behavior and potentially load a third-party library upon execution. This isโฆ
5.7
CVE-2024-3130 - Insecure Data Storage leading to sensitive Information disclosure.
Hard-coded Credentialsย in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker toย unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app
6.5
CVE-2016-15038 - NUUO NVRmini 2 deletefile.php path traversal
A vulnerability, which was classified as critical, was found in NUUO NVRmini 2 up to 3.0.8. Affected is an unknown function of the file /deletefile.php. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed toโฆ
6.1
CVE-2024-2278 - WooCommerce Product Filter < 1.4.4 - Admin+ Stored XSS
Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
4.8
CVE-2024-2263 - WooCommerce Product Filter < 1.4.4 - Reflected XSS
Themify WordPress plugin before 1.4.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
4.7
CVE-2024-2262 - WooCommerce Product Filter < 1.4.4 - Filter Deletion via CSRF
Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs